Malicious PDF — malware analysis report

Static analysis result for SHA-256 f8b56aa356785396…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2019-03-18 08:27:44 +03:00
Authoring application: - (via pdfTeX-1.0b-pdfcrypt)
MD5: 9f5769dfe5e0bd8355572cd1bf5901d6
SHA-1: 191a9370b6b3faa25987445f0103b151828aebdf
SHA-256: f8b56aa356785396b03e2daf6afa9b1ec4f8d5c21d1564fea6ea607db2dc42a1
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO poisoning or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.