Malicious PDF — malware analysis report

Static analysis result for SHA-256 eba867374bfc753a…

MALICIOUS

PDF

45.1 KB Created: 2018-11-21 20:53:06 +03:00 Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.3.2 (Windows))
MD5: ba771785a46f6e95f2a6f64d439f9837 SHA-1: 861a4424b1e45376df5c9fc726db6baa924ee1c3 SHA-256: eba867374bfc753aec45b29ab9433ae394e8930e2a079bc99e2e5d63cc2c8628
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO manipulation or content distribution scheme. The primary heuristic indicates a 'PDF_SEO_LINK_FARM' with 32 external links, predominantly hosted on 'www.gorillawalker.com'. While no scripts were extracted, the sheer volume of links suggests a malicious intent to drive traffic or host malicious content, possibly as a lure or part of a larger phishing campaign.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/kids-travel-journal-my-trip-to-florence.pdf
    • http://www.gorillawalker.com/protecting-privacy-in-private-international-and-procedural-law-and-by.pdf
    • http://www.gorillawalker.com/cross-disciplinary-perspectives-on-a-contested-buddhist-site-bodh-gaya.pdf
    • http://www.gorillawalker.com/the-collapse-of-the-third-republic-an-inquiry-into-the.pdf
    • http://www.gorillawalker.com/physics-and-astronomy-1-cambridge-advanced-sciences-v-1-polish.pdf
    • http://www.gorillawalker.com/physiology-of-cross-country-ski-racing.pdf
    • http://www.gorillawalker.com/syntony-and-spark-the-origins-of-radio-princeton-legacy-library.pdf
    • http://www.gorillawalker.com/wallace-and-gromit-essential-guide-curse-of-the-were-rabbit.pdf
    • http://www.gorillawalker.com/sheep-flock-health-a-planned-approach.pdf
    • http://www.gorillawalker.com/the-official-pocket-guide-to-diabetic-exchanges-choose-your-foods.pdf
    • http://www.gorillawalker.com/jormungand-vol-3.pdf
    • http://www.gorillawalker.com/the-judge-of-ages-count-to-a-trillion.pdf
    • http://www.gorillawalker.com/mass-communications-and-media-studies-an-introduction.pdf
    • http://www.gorillawalker.com/the-big-book-of-angel-tarot-the-essential-guide-to.pdf
    • http://www.gorillawalker.com/the-diabetic-kidney-contemporary-diabetes.pdf
    • http://www.gorillawalker.com/modern-american-remedies-cases-and-materials-supplement.pdf
    • http://www.gorillawalker.com/james-clinton-neill-the-shadow-commander-of-the-alamo.pdf
    • http://www.gorillawalker.com/textbook-of-functional-analysis-a-problem-oriented-approach.pdf
    • http://www.gorillawalker.com/the-homeless-other-america.pdf
    • http://www.gorillawalker.com/shell-games-the-life-and-times-of-pearl-mcgill-industrial.pdf
    • http://www.gorillawalker.com/a-leader-s-guide-to-the-struggle-to-be-strong.pdf
    • http://www.gorillawalker.com/brunner-and-suddarth-s-textbook-of-medical-surgical-nursing-11th.pdf
    • http://www.gorillawalker.com/yukon-river-an-adventure-to-the-gold-fields-of-the.pdf
    • http://www.gorillawalker.com/comparative-commentaries-on-private-international-law-or-conflict-of-laws.pdf
    • http://www.gorillawalker.com/gender-swap-bundle-3-gender-swap-feminization-transformation-stories-gender.pdf
    • http://www.gorillawalker.com/badminton-doubles-an-introduction-kindle-edition.pdf
    • http://www.gorillawalker.com/hellenistic-philosophy-of-mind-hellenistic-culture-and-society.pdf
    • http://www.gorillawalker.com/metallurgical-applications-of-the-electron-microscope.pdf
    • http://www.gorillawalker.com/behind-the-academic-curtain-how-to-find-success-and-happiness.pdf
    • http://www.gorillawalker.com/cemetery-inscriptions-and-revolutionary-war-of-1812-and-civil-war.pdf
    • http://www.gorillawalker.com/the-history-of-st-kilda.pdf
    • http://www.gorillawalker.com/fabrics-in-fashion-design-the-way-successful-fashion-designers-use.pdf
    • http://www.gorillawalker.com/us-and-them-the-science-of-identity.pdf
    • http://www.gorillawalker.com/american-art-nouveau-the-poster-period-of-john-sloan-a.pdf
    • http://www.gorillawalker.com/clinical-virology-3rd-edition.pdf
    • http://www.gorillawalker.com/natural-history-museum-butterflies-notebook.pdf
    • http://www.gorillawalker.com/the-fundamentals-of-play.pdf
    • http://www.gorillawalker.com/packing-heat-futanari-erotica-kindle-edition.pdf
    • http://www.gorillawalker.com/her-master-s-touch-she-was-drawn-to-him-even.pdf
    • http://www.gorillawalker.com/he-came-to-me-by-moonlight-kindle-edition.pdf
    • http://www.gorillawalker.com/physiology-of-cross-country-ski-raci
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.