Malicious PDF — malware analysis report

Static analysis result for SHA-256 bd3775ea5944312d…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2018-12-07 18:28:04 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via Adobe PDF Library 10.0.1)
MD5: c4520d79e22d91750ff7f71cf88a2cfe
SHA-1: 8acd52c8c45e9c5445b16072daf224669e3d0ccd
SHA-256: bd3775ea5944312d0adfa992396061360b24a639700c3d5f7bea8e1fc68ea5a5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on www.gorillawalker.com. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute further malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8242

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.