Malicious PDF — malware analysis report

Static analysis result for SHA-256 d5fcf37a717a9ec0…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2019-04-06 00:52:03 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 10.0.1)
MD5: 051c6eae837d18599306d1570b93280b
SHA-1: 76246f7fe54e006d3aa1c49b30b85469c16e450a
SHA-256: d5fcf37a717a9ec0e6d7e414515abca403e8585b4dca1a277c3760440f27870e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain www.gorillawalker.com. This is indicative of a link farm or SEO manipulation tactic, which can be used to distribute malicious content or drive traffic to malicious sites. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8812

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.