Malicious PDF — malware analysis report

Static analysis result for SHA-256 f76c0a3c55e3dc1f…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2018-12-14 20:05:04 +03:00
Authoring application: Pages (via Mac OS X 10.11.6 Quartz PDFContext)
MD5: 06fc70d472ea20e855c7530441fd349b
SHA-1: 31dc1eb2238edd8b39db8393194387cf37661d0d
SHA-256: f76c0a3c55e3dc1ffb6c992822a3f9695e3e66ba410410e537ac20826d5b6a40
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external resources, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO poisoning or use as a landing page for further attacks. The primary IOCs are the numerous URLs hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8173

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/spelling-the-written-word-sd100-administrator-s-guide.pdf
    • http://www.gorillawalker.com/the-complete-birder-a-guide-to-better-birding.pdf
    • http://www.gorillawalker.com/ben-schonzeit-flowers-2004-calendar.pdf
    • http://www.gorillawalker.com/the-bantams.pdf
    • http://www.gorillawalker.com/the-scales-of-six.pdf
    • http://www.gorillawalker.com/complete-mba-for-dummies.pdf
    • http://www.gorillawalker.com/wit-and-wisdom-of-the-immortals.pdf
    • http://www.gorillawalker.com/demolition-and-reuse-of-concrete-and-masonry-demolition-reuse-conc.pdf
    • http://www.gorillawalker.com/palm-springs-confidential-playground-of-the-stars.pdf
    • http://www.gorillawalker.com/interpretive-ethnography-ethnographic-practices-for-the-21st-century.pdf
    • http://www.gorillawalker.com/r-f-k-must-die-chasing-the-mystery-of-the.pdf
    • http://www.gorillawalker.com/functional-analysis-calculus-of-variations-and-optimal-control-graduate-texts.pdf
    • http://www.gorillawalker.com/gis-for-environmental-stewardship-and-streamlining-an-overview-of-state.pdf
    • http://www.gorillawalker.com/night-preacher-louise-a-vernon.pdf
    • http://www.gorillawalker.com/easy-jazz-favorites-trombone-4-trombone-4.pdf
    • http://www.gorillawalker.com/the-ocean-world-of-jacques-cousteau.pdf
    • http://www.gorillawalker.com/education-management-and-management-science-iraics-proceedings.pdf
    • http://www.gorillawalker.com/oblique-derivative-problems-for-elliptic-equations.pdf
    • http://www.gorillawalker.com/if-i-could-turn-back-time.pdf
    • http://www.gorillawalker.com/barriers-to-more-active-contractor-participation-in-the-department-of.pdf
    • http://www.gorillawalker.com/the-daylight-marriage.pdf
    • http://www.gorillawalker.com/the-complete-works-of-harriet-taylor-mill.pdf
    • http://www.gorillawalker.com/the-sound-of-music-piano-vocal-guitar-score.pdf
    • http://www.gorillawalker.com/magic-lantern-guides-nikon-d300s-multimedia-workshop-hardcover.pdf
    • http://www.gorillawalker.com/cuckold-chronicles-volume-2-cheating-hotwife-interracial-cuckquean-erotica-bundle.pdf
    • http://www.gorillawalker.com/a-course-in-number-theory.pdf
    • http://www.gorillawalker.com/jefferson-webster-s-specialty-crossword-puzzles.pdf
    • http://www.gorillawalker.com/burned-by-passion-billionaire-bad-boy-romance.pdf
    • http://www.gorillawalker.com/solvang-a-guide-to-the-danish-capital-of-america-tourist.pdf
    • http://www.gorillawalker.com/rocky-mountain-trees-a-handbook-of-the-native-species-with.pdf
    • http://www.gorillawalker.com/the-new-centurions.pdf
    • http://www.gorillawalker.com/advanced-unix-programming-2nd-edition.pdf
    • http://www.gorillawalker.com/warship-pictorial-no-35-ticonderoga-class-cruisers.pdf
    • http://www.gorillawalker.com/an-essay-on-the-shaking-palsy-dodo-press.pdf
    • http://www.gorillawalker.com/colossians-and-philemon-a-handbook-on-the-greek-text-baylor.pdf
    • http://www.gorillawalker.com/spqr-a-history-of-ancient-rome.pdf
    • http://www.gorillawalker.com/the-electrical-resistivity-of-metals-and-alloys-cambridge-solid-state.pdf
    • http://www.gorillawalker.com/staar-eoc-english-ii-assessment-flashcard-study-system-staar-test.pdf
    • http://www.gorillawalker.com/guyana-suriname-french-guiana-1-850-000-international-travel-maps.pdf
    • http://www.gorillawalker.com/the-arsenal-of-democracy-fdr-detroit-and-an-epic-quest.pdf
    • http://www.gorillawalker.com/r-f-k-must-die-chasing-the-mystery
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/