Malicious PDF — malware analysis report

Static analysis result for SHA-256 dcefc4d3ead889a9…

MALICIOUS

PDF

Size: 44.6 KB    Created: 2019-04-28 03:57:46 +03:00    Authoring application: FPDF 1.53
MD5: ba00e46d9c630dd1a1bf8ccf791c5488    SHA-1: 645820e4b74247dac0f468c8400e5648f17b2d39    SHA-256: dcefc4d3ead889a974c76fcefdd2b9f16493471aed1fdc2e6f0ec26e3c9996af
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment; T1204.001 User Execution: Malicious Link

The PDF is small (44.6 KB) yet carries a large number of clickable link annotations pointing to external PDF files, almost all on a single host. This pattern is typical of machine-generated SEO/link-farm carrier documents, which are used either to manipulate search rankings or to funnel readers into malicious or unwanted-software delivery chains. The ML classifier independently flagged the file as malicious. The primary attack pattern is directing users to a link farm hosted on www.gorillawalker.com; the triggered heuristics are link-based only, so the risk lies in where the links lead rather than in rendering the document itself.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; what matters for triage is the channel through which each URL was reached (macro, JS, link annotation, document body, metadata, ...).
    Clickable external PDF links (link annotations), all on one host:
    • http://www.gorillawalker.com/one-maine-christmas-eve.pdf
    • http://www.gorillawalker.com/learning-online-what-research-tells-us-about-whether-when-and.pdf
    • http://www.gorillawalker.com/leukemia-enhanced-edition-learn-what-is-cause-risk-factors-symptoms.pdf
    • http://www.gorillawalker.com/a-decade-of-hope-stories-of-grief-and-endurance-from.pdf
    • http://www.gorillawalker.com/the-pure-theory-of-international-trade.pdf
    • http://www.gorillawalker.com/francisco-berra-la-historia-prohibida-spanish-edition.pdf
    • http://www.gorillawalker.com/the-most-radical-gesture-the-situationist-international-in-a-postmodern.pdf
    • http://www.gorillawalker.com/wheater-s-basic-pathology-a-text-atlas-and-review-of.pdf
    • http://www.gorillawalker.com/the-hill-brody-law.pdf
    • http://www.gorillawalker.com/dementias-biological-bases-and-clinical-approach-to-treatment.pdf
    • http://www.gorillawalker.com/tabletop-radios-volume-4-the-complete-price-guide-to-antique.pdf
    • http://www.gorillawalker.com/petrochemical-america.pdf
    • http://www.gorillawalker.com/electric-and-hybrid-vehicle-technology-s-p-society-of-automotive.pdf
    • http://www.gorillawalker.com/bagombo-snuff-box-uncollected-short-fiction.pdf
    • http://www.gorillawalker.com/racial-justice-and-the-catholic-church.pdf
    • http://www.gorillawalker.com/marriage-disputes-in-medieval-england.pdf
    • http://www.gorillawalker.com/fiction-horror-trapped-in-the-hill-horror-thriller-suspense-mystery.pdf
    • http://www.gorillawalker.com/blue-book-of-gun-values-seventh-edition.pdf
    • http://www.gorillawalker.com/a-magician-i-want-to-be.pdf
    • http://www.gorillawalker.com/office-assistant-passbooks-career-examination-series.pdf
    • http://www.gorillawalker.com/italian-all-in-one-for-dummies.pdf
    • http://www.gorillawalker.com/significant-changes-to-the-florida-building-code-residential-2007-edition.pdf
    • http://www.gorillawalker.com/finishing-touches-a-guide-to-being-poised-polished-and-beautifully.pdf
    • http://www.gorillawalker.com/korea-and-east-asia-the-story-of-a-phoenix.pdf
    • http://www.gorillawalker.com/scribbling-the-cat-travels-with-an-african-soldier-kindle-edition.pdf
    • http://www.gorillawalker.com/dictadura-mediatica-en-venezuela-mediation-dictatorship-in-venenzuela-periodismo-en.pdf
    • http://www.gorillawalker.com/the-orchestra-violin-fun-book.pdf
    • http://www.gorillawalker.com/know-your-rights-answers-to-texans-everyday-legal-questions.pdf
    • http://www.gorillawalker.com/our-world-road-to-extinction-brain-waves.pdf
    • http://www.gorillawalker.com/lesbian-erotica-lesbian-submission.pdf
    • http://www.gorillawalker.com/a-guide-to-dinosaurs.pdf
    • http://www.gorillawalker.com/principles-of-aerostatics-the-theory-of-lighter-than-air-flight.pdf
    • http://www.gorillawalker.com/civic-duty-the-women-of-west-point-kindle-edition.pdf
    • http://www.gorillawalker.com/ese-sexo-que-no-es-uno-this-sex-which-is.pdf
    • http://www.gorillawalker.com/poems-of-life-poetry.pdf
    • http://www.gorillawalker.com/how-to-measure-training-results-a-practical-guide-to-tracking.pdf
    • http://www.gorillawalker.com/carving-totem-poles-masks.pdf
    • http://www.gorillawalker.com/using-managed-metadata-in-sharepoint-2013.pdf
    • http://www.gorillawalker.com/day-trips-from-portland-oregon-getaway-ideas-for-the-local.pdf
    • http://www.gorillawalker.com/the-global-casino-fifth-edition-an-introduction-to-environmental-issues.pdf
    Standard XMP/RDF metadata namespace URIs (schema identifiers from the document's XMP packet, not clickable links):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
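The two heuristics above, PDF_SEO_LINK_FARM and the channel-labelled URL extraction behind EMBEDDED_URL, can be reproduced with a few dozen lines. The following is an added example written for this page, not the scanner's own code: it builds a constructed, simplified PDF-like byte string (40 /Link annotations, one bare URL in a text string, an XMP packet with two namespace declarations), extracts every URL together with the channel it came through (link annotation, XMP namespace, or document body), and then scores the link-farm heuristic. The host www.example.com, the file-size, link-count and host-share thresholds are all assumptions chosen for the example; the extraction is regex-based and does not inflate compressed object streams or decode escaped strings, so a real pipeline would run it over the decompressed object tree.

```python
"""Added example: channel-labelled URL extraction from PDF bytes plus the
PDF_SEO_LINK_FARM heuristic. Sample input and thresholds are constructed
assumptions for this example, not values taken from the report."""
import re
from collections import Counter
from urllib.parse import urlparse

# --- Constructed sample input (simplified PDF syntax, not a fully valid file) ---
SAMPLE_URLS = (
    [f"http://www.example.com/generated-title-{i}.pdf" for i in range(38)]
    + ["http://other.example.org/a.pdf", "http://other.example.org/b.pdf"]
)
XMP_NAMESPACES = ("http://ns.adobe.com/xap/1.0/", "http://purl.org/dc/elements/1.1/")


def build_sample_pdf(urls, xmp_ns=XMP_NAMESPACES):
    """Emit a PDF-like byte string: one /Link annotation per URL, a page text
    string containing a bare URL, and an XMP metadata stream with xmlns decls."""
    annots = "\n".join(
        f"<< /Type /Annot /Subtype /Link /Rect [0 {i * 12} 300 {i * 12 + 10}] "
        f"/A << /S /URI /URI ({u}) >> >>"
        for i, u in enumerate(urls)
    )
    text = "BT /F1 10 Tf (See http://www.example.com/landing.html) Tj ET"
    xmp = "<x:xmpmeta " + " ".join(
        f'xmlns:ns{i}="{ns}"' for i, ns in enumerate(xmp_ns)) + "/>"
    body = (f"%PDF-1.4\n{annots}\n{text}\n"
            f"<< /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\nstream\n"
            f"{xmp}\nendstream\n%%EOF\n")
    return body.encode("latin-1")


# --- Channel-labelled URL extraction ---
URI_ACTION = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")   # clickable link action
XMP_XMLNS = re.compile(rb'xmlns:[A-Za-z0-9_.-]+="([^"]+)"')  # metadata namespace decl
BARE_URL = re.compile(rb"""https?://[^\s<>"')]+""")          # anything else in the bytes


def extract_urls(pdf_bytes):
    """Return [(url, channel)], deduplicated per (url, channel) pair.
    URLs already attributed to a structured channel are not re-reported as body text."""
    found, seen = [], set()
    for pattern, channel in ((URI_ACTION, "link_annotation"), (XMP_XMLNS, "xmp_namespace")):
        for m in pattern.finditer(pdf_bytes):
            url = m.group(1).decode("latin-1")
            if (url, channel) not in seen:
                seen.add((url, channel))
                found.append((url, channel))
    known = {u for u, _ in found}
    for m in BARE_URL.finditer(pdf_bytes):
        url = m.group(0).decode("latin-1")
        if url not in known:
            known.add(url)
            found.append((url, "document_body"))
    return found


def seo_link_farm(pdf_bytes, urls, max_size=200 * 1024, min_links=20, min_share=0.8):
    """PDF_SEO_LINK_FARM: small file, many clickable links to external .pdf targets,
    most of them on a single host. Thresholds are assumptions for this example."""
    pdf_links = [u for u, ch in urls
                 if ch == "link_annotation" and urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).hostname for u in pdf_links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_n / len(pdf_links) if pdf_links else 0.0
    fired = len(pdf_bytes) <= max_size and len(pdf_links) >= min_links and share >= min_share
    return {"fired": fired, "size": len(pdf_bytes), "pdf_links": len(pdf_links),
            "top_host": top_host, "share": share}


def analyze(pdf_bytes):
    """Full pass: per-channel URL counts plus the link-farm verdict."""
    urls = extract_urls(pdf_bytes)
    return {"urls": urls, "channels": Counter(ch for _, ch in urls),
            "link_farm": seo_link_farm(pdf_bytes, urls)}


if __name__ == "__main__":
    report = analyze(build_sample_pdf(SAMPLE_URLS))
    print(dict(report["channels"]), report["link_farm"])
```

Only link-annotation URLs whose path ends in .pdf count toward the heuristic; XMP namespace URIs like the ones listed above are reported as a channel of their own and never trip it, which is the distinction a triage analyst needs when a scanner dumps every URL-shaped string in one list.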