Malicious PDF — malware analysis report

Static analysis result for SHA-256 ccef962779aac778…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2019-04-04 15:11:43 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via 3-Heights(TM) PDF Optimization Shell 4.6.23.0 (http://www.pdf-tools.com))
MD5: f34e48dafb3953c70f6782918e283ad4
SHA-1: 93fc8880d8d720daae96722f4378d449ee02e93a
SHA-256: ccef962779aac778a4231ba4c22bab1a0938fdb1bbb1bf13d6f1776d42565edf
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of external links, suggesting a link farm or SEO poisoning attempt. The primary heuristic indicates a 'PDF_SEO_LINK_FARM' with 32 external PDF links, predominantly pointing to the 'gorillawalker.com' domain. The document body is heavily obfuscated and does not provide clear textual lures.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.