Malicious PDF — malware analysis report

Static analysis result for SHA-256 b8b88f4de8bcfe0d…

Verdict: MALICIOUS

File type: PDF

Size: 42.5 KB
Created: 2018-12-02 10:55:17 +03:00
Authoring application: - (via pdfTeX-1.0b-pdfcrypt)
MD5: 3c1b20ba4b549056abeb12002de7234d
SHA-1: a962c38ae27f807007e9e7d9dbbe029c2c665feb
SHA-256: b8b88f4de8bcfe0daedc27325be9ed4812d6d3a63a9e3e575dffd0db3e658772
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated and unreadable, but the presence of numerous links suggests a content-driven lure or a link farm designed to direct users to potentially malicious content hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9018

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.