Malicious PDF — malware analysis report

Static analysis result for SHA-256 bfb5075444d40d7b…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2018-12-14 21:05:17 +03:00
Authoring application: - (via Acrobat PDFWriter 3.02 for Windows NT)
MD5: b006c17b710af6ec87f9769363994ade
SHA-1: db32ef4936849b081a17a6e8ad5d5c1e4f0ca847
SHA-256: bfb5075444d40d7b66c6f583eba8e382039987eac223554a5ce1e77c32065eab
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links to external PDF documents, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm or a redirection scheme designed to drive traffic to a specific set of resources. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.