Malicious PDF — malware analysis report

Static analysis result for SHA-256 da5cc927f728620e…

MALICIOUS

PDF

Size: 32.3 KB
Created: 2020-01-26 19:00:23 +03:00
Authoring application: FrameMaker 12.0.4 (via Acrobat Distiller 11.0 (Windows))
MD5: 1dbd32fb4465a3285be4a520f67f7e58
SHA-1: bee8f179f558268e69482fde046b1a4b59089cd1
SHA-256: da5cc927f728620e749a27918a453030607eb2d20904255d9727b82761ef42db
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO manipulation tactic. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links to other PDFs from the domain www.gorillawalker.com points to a coordinated effort to distribute content, potentially malicious, through a link-aggregation strategy.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.