Malicious PDF — malware analysis report

Static analysis result for SHA-256 e7289b5c8b3d5e58…

MALICIOUS

PDF

Size: 40.2 KB
Created: 2019-03-17 11:02:54 +03:00
Authoring application: Adobe InDesign CC 2014 (Macintosh) (via Adobe PDF Library 11.0)
MD5: 3ff523bb98168d1532ff526304b74fae
SHA-1: 95ee5f72c7b6f34a833c85e53a1c34b25ca1c601
SHA-256: e7289b5c8b3d5e5897404e6668d33b939d3dc0d0aefbbaa1036e8a5cfc5a2365
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.