Malicious PDF — malware analysis report

Static analysis result for SHA-256 d277f91540f04165…

MALICIOUS

PDF

45.0 KB
Created: 2018-12-15 08:52:34 +03:00
Authoring application: - (via Acrobat Distiller 10.1.10 (Windows))
MD5: 1e37865336832ee9afd0996e7fa048fd
SHA-1: d667eb0dac4fd0a9facfad843ef01675a6ce2a8f
SHA-256: d277f91540f041655343da302ef257eb8549e0dbcb3422a4414587b3e5648ca3
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm or a redirection scheme designed to drive traffic to a specific set of resources. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8640

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.