Malicious PDF — malware analysis report

Static analysis result for SHA-256 d80b67dd2fa5f8e5…

MALICIOUS

PDF

Size: 42.3 KB
Created: 2019-03-17 04:21:30 +03:00
Authoring application: - (via Acrobat Distiller 5.0.5 (Windows))
MD5: d836479629d6fb4978e2994ed90d573e
SHA-1: 316f7c7441ddd604917d691c84b407070cb5e8e1
SHA-256: d80b67dd2fa5f8e5d6a551200fedde5936b6e0e151e86a919767c86dacde0a6d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be directing users to a link farm hosted on www.gorillawalker.com, likely for SEO manipulation or to serve further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.