Malicious PDF — malware analysis report

Static analysis result for SHA-256 f5636157d67432ba…

MALICIOUS

PDF

Size: 44.4 KB
Created: 2018-12-07 18:27:13 +03:00
Authoring application: Adobe Photoshop 5.0 (via Adobe Photoshop for Windows)
MD5: c4c2850f54b10652425414f88792abfe
SHA-1: d32f0548c9e95468a41eb91b49cb70a8f560f8fc
SHA-256: f5636157d67432ba6e489ee9a8b8dc8ded4909799feac5d349179da10048d3d0
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute content from the 'gorillawalker.com' domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.