Malicious PDF — malware analysis report

Static analysis result for SHA-256 f5e225d3ebf23ace…

MALICIOUS

PDF

File size: 44.3 KB
Created: 2018-11-23 21:03:38 +03:00
Authoring application: FrameMaker 6.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 2a59a71966c829293e4b2517c8968c4d
SHA-1: 57b521e68cdda1abf292e377e2f64a258ae30f1f
SHA-256: f5e225d3ebf23ace713ec6f344a489ebae255fd674b56d228bde140d2eb7ec04
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, indicating a link farm or redirection strategy. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a large collection of documents hosted on www.gorillawalker.com, likely as a lure for further malicious activity or to manipulate search engine rankings.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.