Malicious PDF — malware analysis report

Static analysis result for SHA-256 c6bfb20550b02e2d…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-12-08 04:03:06 +03:00
Authoring application: Adobe Acrobat 6.02 (via Adobe Acrobat 6.0)
MD5: 41f1ce80e68fabc4c0b81cf635d1ad52
SHA-1: 69bd2116b30ef4db7593b43f8aafeb1930d88d66
SHA-256: c6bfb20550b02e2ded17f6941cefa64e101a2f24cf11ebca250845102ac775f2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com, likely to distribute further malware or engage in SEO abuse. No scripts were extracted, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.