Malicious PDF — malware analysis report

Static analysis result for SHA-256 e142a5297048b22d…

MALICIOUS

PDF

  • File size: 45.7 KB
  • Created: 2018-11-14 11:22:43 +03:00
  • Authoring application: Adobe InDesign CS2_J (4.0.5) (via Adobe PDF Library 7.0)
  • MD5: b2a3b019cc77b2c5e13490476e0fef05
  • SHA-1: 661d72d77fb841ad3f363a2c1caad8a1aeb505ef
  • SHA-256: e142a5297048b22d408e12a7de3df2b6583c263c280b00af2ef31cf40335dc80
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The primary attack pattern appears to be a link farm designed to drive traffic to numerous PDF files hosted on www.gorillawalker.com, likely for SEO manipulation or to host malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.