Malicious PDF — malware analysis report

Static analysis result for SHA-256 c4138a11102675d0…

MALICIOUS

PDF

Size: 33.6 KB
Created: 2019-12-14 02:00:12 +03:00
Authoring application: Adobe InDesign CS (3.0) (via Adobe PDF Library 6.0)
MD5: d5d7846c4cd64400d617a02ab9c0cc05
SHA-1: 66f35849e664a951d382eef5dc494e1ada842ac5
SHA-256: c4138a11102675d0ad28a2995f9e77e32b0601674775c42657d034ea0b17ff83
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm or a mechanism to direct users to potentially malicious content hosted elsewhere. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the embedded links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.