Malicious PDF — malware analysis report

Static analysis result for SHA-256 d8fb5228be9ae16d…

MALICIOUS

PDF

Size: 41.3 KB
Created: 2018-11-30 20:24:49 +03:00
Authoring application: Adobe PageMaker 7.0 (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: 04e3117d1cc72c2d08bbe4890a4685ed
SHA-1: b58d785a9ee0b1d77b1524cb941cc8e0dc895e31
SHA-256: d8fb5228be9ae16d25c14735e3208455cc7a2c63e7cce51b6ce9d53c6ab9ecdc
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF file contains a large number of embedded links pointing to external PDF documents, primarily hosted on 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific attack pattern beyond the link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.