Malicious PDF — malware analysis report

Static analysis result for SHA-256 e2a99d4ebd8cad6c…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-11-30 20:23:34 +03:00
Authoring application: QuarkXPress™ 4.11: AdobePS 8.7.3 (301) (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: b72f61714edeb67a0346e3656aeb8f60
SHA-1: 7c086144a276adbd818a76d91e3206231c407b51
SHA-256: e2a99d4ebd8cad6cb8b229ff7570e689ac47a71cae13f779a82092c46a64f5e0
Risk Score: 98

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, flagged by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files on the domain www.gorillawalker.com. This pattern suggests search-engine manipulation or bulk distribution of potentially malicious content rather than normal document citations. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Urgency / deadline lure (low) SE_URGENCY_LURE
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.). This is useful context but a low signal on its own without other findings.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.