Malicious PDF — malware analysis report

Static analysis result for SHA-256 c5f4f93fb7e5afb7…

MALICIOUS

PDF

43.7 KB
Created: 2018-11-30 20:31:35 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows); modified using iText® 5.5.4 ©2000-2014 iText Group NV (AGPL-version))
MD5: 4d1dbe5df0c137c39063b1cbbefe59a9
SHA-1: a0b2a084edce3403e5c9d086742f685293e9ed6c
SHA-256: c5f4f93fb7e5afb7c231061e4553d3522d0c4ae716a11e7d398472c882e15f0b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of external PDF links, suggesting a link farm or distribution mechanism. The embedded URLs point to various PDF documents hosted on gorillawalker.com, indicating a potential SEO poisoning or traffic redirection scheme.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.