Malicious PDF — malware analysis report

Static analysis result for SHA-256 f6cd9cc93ad92613…

MALICIOUS

PDF

Size: 41.9 KB
Created: 2019-03-16 14:53:42 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Mac OS X 10.9.1 Quartz PDFContext)
MD5: e49506a24f877fc45acca19f9ad01a5f
SHA-1: e4fe3d152908e4aaddf9e7eb453a4f3146676785
SHA-256: f6cd9cc93ad926135c925560a493f46fd5b65589350d37f40590bdbf822d06eb
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain www.gorillawalker.com. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.