Malicious PDF — malware analysis report

Static analysis result for SHA-256 f360db5efc2af614…

MALICIOUS

PDF

File size: 44.8 KB
Created: 2019-02-13 19:54:16 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5) (via Adobe PDF Library 9.9)
MD5: d2b0679b1cb18b705bb3432b9048d466
SHA-1: e3ee1752e915d6671ecf200c59ae7567d40c68a1
SHA-256: f360db5efc2af614fae29e60d88e453d4666a88919ad067f49632dc99899f69c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents on the domain 'gorillawalker.com'. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute a large number of potentially malicious documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.