Malicious PDF — malware analysis report

Static analysis result for SHA-256 df192420a2d59ec6…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2019-04-28 10:30:23 +03:00
Authoring application: Microsoft Word: AdobePS 8.7.3 (301) (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: 0c50f5726296628d5526d48bd5ae5249
SHA-1: 48f57102ceca56c9bcdb858cd59e41e3bf20bea4
SHA-256: df192420a2d59ec61745e76fabccb5a83cbd11749702133500f3bde0ba0089ce
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to drive traffic to a large collection of documents hosted on www.gorillawalker.com, likely for SEO manipulation or to host malicious content disguised as legitimate documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.