Malicious PDF — malware analysis report

Static analysis result for SHA-256 d25f62903f2e1cdb…

MALICIOUS

PDF

Size: 41.6 KB
Created: 2018-11-14 08:20:58 +03:00
Authoring application: - (via XEP 4.4 build 20050610)
MD5: 41ab0b5237b3699410ac19c1f5b4e29a
SHA-1: 61991a1a023175dc7c4b045d46c54f02da66ece0
SHA-256: d25f62903f2e1cdb78dc416400d54e4b5ee194d19912d5d7eeddcf98865b21cc
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links all point to PDF files on the domain www.gorillawalker.com. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malware.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.