Malicious PDF — malware analysis report

Static analysis result for SHA-256 dfa386d2032628c6…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2018-12-15 08:53:32 +03:00
Authoring application: - (via Mac OS X 10.6.7 Quartz PDFContext)
MD5: dd63bd82e1c1eff00d6a2297c7c15494
SHA-1: f94fe014c046b1ac158bae03103ef573fc68a0b4
SHA-256: dfa386d2032628c627d4988b7859b427bb9dcec370f41e8b6af3d61f04be5be0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF heuristic 'PDF_SEO_LINK_FARM' indicates the presence of 32 external PDF links, with the first being http://www.gorillawalker.com/the-cinematic-theater.pdf. This suggests the document's primary purpose is to act as a link farm, potentially for SEO manipulation or to redirect users to malicious content hosted on the linked domains. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.