Malicious PDF — malware analysis report

Static analysis result for SHA-256 e1e499976855aa9b…

MALICIOUS

PDF

39.2 KB
Created: 2019-03-16 12:32:36 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Adobe PDF Library 9.0)
MD5: bcb6d32a76503e65891bc09e81a0394a
SHA-1: e80644b813c840e57bb05b1ec27622e31688ee76
SHA-256: e1e499976855aa9b97c0b3a2d9906fb52f3f8a19c5d4c85065c5f7b7188bd56d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to direct users to a large number of potentially malicious or unwanted PDF documents hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8505

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.