Malicious PDF — malware analysis report

Static analysis result for SHA-256 ebeac3e5d24ea222…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2018-11-26 20:08:57 +03:00
Authoring application: FrameMaker 5.5.6p145 (via Acrobat Distiller 6.0 (Windows))
MD5: 99d5446a4ce09d4b866ee53f62fc0426
SHA-1: e39ef98f9b7a8b6d635e507109c030e3ba4b9fac
SHA-256: ebeac3e5d24ea222210d83fc5f80e0cb316b445ff0d6fae4e59985d42fe76a34
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF documents on the domain www.gorillawalker.com. This suggests a tactic to drive traffic to a large collection of content, potentially for SEO manipulation or to host malicious payloads disguised as legitimate documents. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.