Malicious PDF — malware analysis report

Static analysis result for SHA-256 d60160f856e90832…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2019-03-18 18:23:21 +03:00
Authoring application: PDF CoDe 2015.5473 (c) 2002-2015 European Commission
MD5: 48e6008fea0497aaf4593a9ea0604afc
SHA-1: 6fc94c4bee8729fb3c8dd0c816ac8d0241f8e3bf
SHA-256: d60160f856e9083296a070456394bceedc78a259d0eeacea7e3b219bf9b78a1a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a mass external PDF link farm, with 32 links identified. The ML classifier also strongly indicated maliciousness. The embedded URLs point to various PDF documents hosted on gorillawalker.com, suggesting a content-farming or link-distribution scheme. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9110

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.