Malicious PDF — malware analysis report

Static analysis result for SHA-256 e286c0ab31647ff2…

MALICIOUS

PDF

  • Size: 46.1 KB
  • Created: 2018-11-23 21:03:26 +03:00
  • Authoring application: PageMaker 6.5 (via Acrobat Distiller 3.01 for Windows)
  • MD5: e07cb53ca0cd7d077c10e0d16374bf26
  • SHA-1: cc6b64b74ecc6c81009e9006044c2e8a88f2575c
  • SHA-256: e286c0ab31647ff24a15467b41fcf599ef504802f453966afd03d645572ce287
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com, which likely serves as a gateway to malicious content or phishing pages. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.