Malicious PDF — malware analysis report

Static analysis result for SHA-256 e6fef2dd85a4308c…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2018-11-26 20:07:10 +03:00
Authoring application: XPP (via Adobe Acrobat Pro DC 15.23.20053)
MD5: c3017cc453fb7c29fbc93b9f2ef56a97
SHA-1: b7fa67009b1973f0de0a01095b87c4e8f459dd77
SHA-256: e6fef2dd85a4308cf309447a6ecad815d3f9f8603a3d0abdbe725141105b7ed2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO manipulation or content distribution scheme. The heuristic 'PDF_SEO_LINK_FARM' specifically identifies this behavior, pointing to a large collection of links hosted on 'www.gorillawalker.com'. No scripts were extracted from this sample, and the document body was heavily obfuscated, making it difficult to determine a more specific user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.