Malicious PDF — malware analysis report

Static analysis result for SHA-256 ebd7d63133173d31…

MALICIOUS

PDF

  • Size: 44.3 KB
  • Created: 2019-04-11 12:43:51 +03:00
  • Authoring application: Adobe InDesign CS6 (Macintosh) (via Acrobat Distiller 10.1.12 (Macintosh))
  • MD5: dffe89a076a74eb4975e7df14208f84c
  • SHA-1: 25a7d06dbfda30c3ed3a3efe65a43bb38bb78dd6
  • SHA-256: ebd7d63133173d314c712e09786ea3df8f263ad3228ae2c7fcdcb61c62ed91ce
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO poisoning or phishing attack. The links point to various PDF documents hosted on gorillawalker.com, suggesting a coordinated effort to distribute content or lure users. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.