Malicious PDF — malware analysis report

Static analysis result for SHA-256 f7412b8169761f69…

MALICIOUS

PDF

Size: 41.5 KB
Created: 2019-01-06 08:11:33 +03:00
Authoring application: Adobe Acrobat 8.0 Combine Files (via Adobe Acrobat 8.0)
MD5: 8dfa98e3eaa6f78ca4689f4df18218f1
SHA-1: 978407dc6702788c66d648ac74cc5c1c518c8e2d
SHA-256: f7412b8169761f695157737f2f3dbb177c56ddc85f7e0f40383b06f684706a6b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The document body is heavily obfuscated and does not provide clear textual lures. The primary attack pattern appears to be a link farm designed to manipulate search engines or redirect users to potentially malicious content hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.