Malicious PDF — malware analysis report

Static analysis result for SHA-256 bfb39245e81ad956…

MALICIOUS

PDF

Size: 38.9 KB
Created: 2018-11-14 21:07:32 +03:00
Authoring application: Acrobat PDFMaker 11 for Word (via Adobe PDF Library 11.0)
MD5: abd7791913a4f10157e90b026077d563
SHA-1: 3d638292b3bbe4105a05dd4bf12834c1628412a4
SHA-256: bfb39245e81ad956657651f4b46dc4bc13948165098ef3942dd507443bc88478
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a link farm. The primary heuristic identified this as a PDF_SEO_LINK_FARM, suggesting the document's purpose is to drive traffic to a collection of other PDF files hosted on www.gorillawalker.com. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8901

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.