Malicious PDF — malware analysis report

Static analysis result for SHA-256 fdd3e09033b2d323…

Verdict: MALICIOUS
File type: PDF
Size: 45.3 KB
Created: 2018-12-15 20:07:25 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 10.0.1)
MD5: eeb4d0091dfaa67fa3d2ea4de800201e
SHA-1: ad05ee79b4d78e8ef17357ca561b7b74f9c787a9
SHA-256: fdd3e09033b2d323c572dbe9b836f6d89d96a72b2185ffbff3447772af4bd91d
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment; T1204.001 User Execution: Malicious Link

The PDF contains a large number of clickable external links, flagged by the PDF_SEO_LINK_FARM heuristic, almost all of them pointing to further PDF documents on the gorillawalker.com domain. This matches a generated SEO/link-farm carrier whose purpose is to route the reader into a download or redirection chain; the file itself carries no payload, so the harmful content, if any, sits behind the links and was not retrieved during static analysis. The ML classifier independently scored the document as malicious. No JavaScript or other scripts were extracted from this sample, so the risk lies in where the links lead, not in code executed by the PDF reader. The creation date and authoring application above come from the document's own Info dictionary and XMP metadata, which are attacker-controlled and should not be used as evidence of provenance.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7914

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels state which channel (macro, JS, link annotation, document body, ...) reached each URL. In this sample the gorillawalker.com URLs are the clickable links counted by the PDF_SEO_LINK_FARM heuristic. The final nine entries (w3.org, purl.org, ns.adobe.com, aiim.org) are XMP/RDF schema namespace URIs from the document's metadata stream, not clickable links, and should not be treated as indicators or added to blocklists.
    • http://www.gorillawalker.com/what-would-jesus-say-a-lenten-study-nextsunday-studies.pdf
    • http://www.gorillawalker.com/lucky-luke-english-version-volume-6-ma-dalton-kindle-edition.pdf
    • http://www.gorillawalker.com/fiddle-time-joggers-piano-accompaniment-book.pdf
    • http://www.gorillawalker.com/cartas-sobre-la-guerra-del-paraguay-1865-1866-primary-source.pdf
    • http://www.gorillawalker.com/valuable-oils-of-the-bible-and-their-prayerful-use-a.pdf
    • http://www.gorillawalker.com/akira-to-zoltan-twenty-six-men-who-changed-the-world.pdf
    • http://www.gorillawalker.com/writing-ancient-history-an-introduction-to-classical-historiography-library-of.pdf
    • http://www.gorillawalker.com/color-environment-human-response.pdf
    • http://www.gorillawalker.com/hot-dogs-croissants-the-culinary-misadventures-of-two-french-women.pdf
    • http://www.gorillawalker.com/the-stone-gods.pdf
    • http://www.gorillawalker.com/the-14-day-green-smoothie-detox-diet-achieve-better-health.pdf
    • http://www.gorillawalker.com/medical-devices-fda-s-approval-of-four-temporomandibular-joint-implants.pdf
    • http://www.gorillawalker.com/engineering-seismic-design-principles-2-paperback.pdf
    • http://www.gorillawalker.com/storying-domestic-violence-constructions-and-stereotypes-of-abuse-in-the.pdf
    • http://www.gorillawalker.com/zebras-2016-calendar.pdf
    • http://www.gorillawalker.com/tobacco-or-health.pdf
    • http://www.gorillawalker.com/baby-s-very-first-colors-book-usborne-baby-board-books.pdf
    • http://www.gorillawalker.com/laboratory-investigations-in-anatomy-physiology-cat-version-2nd-edition.pdf
    • http://www.gorillawalker.com/fancy-a-cuppa-north-yorkshire.pdf
    • http://www.gorillawalker.com/sandomierz-i-okolice-przewodnik-regionalny-polish-edition.pdf
    • http://www.gorillawalker.com/la-historia-de-erika-the-story-of-erika-spanish-edition.pdf
    • http://www.gorillawalker.com/management-of-chronic-pain-in-a-primary-care-primary-health.pdf
    • http://www.gorillawalker.com/tightrope-poppy-the-high-wire-pig.pdf
    • http://www.gorillawalker.com/autonomy-in-social-science-research-volume-4-the-view-from.pdf
    • http://www.gorillawalker.com/the-chocolate-chef-uncovered-chocolate-secrets-revealed.pdf
    • http://www.gorillawalker.com/bay-city-rollers-unofficial-calendar-2008-a3-calendar-a3-calendar.pdf
    • http://www.gorillawalker.com/russian-literature-an-introduction.pdf
    • http://www.gorillawalker.com/warlord-of-mars-the-martian-barsoom-john-carter-series-book.pdf
    • http://www.gorillawalker.com/lean-green-and-healthy.pdf
    • http://www.gorillawalker.com/tokyo-city-atlas-a-bilingual-guide-revised-ed.pdf
    • http://www.gorillawalker.com/duos-classiques-pour-le-violoncelle-pi-ces-faciles-de-beethoven.pdf
    • http://www.gorillawalker.com/economics-for-executives.pdf
    • http://www.gorillawalker.com/rand-mcnally-el-paso-tx-easyfinder-plus-map.pdf
    • http://www.gorillawalker.com/the-chair-collection-edition-1-golden-age-of-furniture-design.pdf
    • http://www.gorillawalker.com/man-dis-connected-how-technology-has-sabotaged-what-it-means.pdf
    • http://www.gorillawalker.com/abused-boys-the-neglected-victims-of-sexual-abuse.pdf
    • http://www.gorillawalker.com/jackasses-2016-square-12x12.pdf
    • http://www.gorillawalker.com/stone-hunts-the-fraternity-20.pdf
    • http://www.gorillawalker.com/fields-of-fury-the-american-civil-war.pdf
    • http://www.gorillawalker.com/the-psychology-of-winning-for-women-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
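As an added example (not the analysis engine's own code), the script below shows the two points made above in working form: it labels every extracted URL with the channel that reached it (clickable /Link annotation versus XMP namespace declaration) and then applies a link-farm heuristic in the spirit of PDF_SEO_LINK_FARM to the clickable channel only. The minimal PDF builder, the regex-based extraction and the thresholds (file under 100 KB, at least 20 clickable links, at least 80% on one host) are assumptions for illustration; the sample URLs it builds are constructed, and a real triage pipeline should use a proper PDF parser because link objects in real files are often inside compressed object streams.

```python
"""Channel-label extracted URLs and score a PDF against a link-farm heuristic.

Added example, not the report engine's code. Thresholds and the regex
extraction are assumptions; the constructed PDF below is only here so the
script runs offline.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# XMP packet in the shape Adobe tooling emits. The xmlns URIs are schema
# identifiers; a reader can never click them.
XMP_PACKET = (
    b'<x:xmpmeta xmlns:x="adobe:ns:meta/">'
    b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
    b'<rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/" '
    b'xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/></rdf:RDF></x:xmpmeta>'
)

# /A << /S /URI /URI (...) >> is the action a clickable /Link annotation uses.
# Assumes uncompressed objects, this key order and no ')' inside the URL.
URI_ACTION_RE = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")
# xmlns declarations inside the XMP metadata stream (http(s) only).
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_]+="(https?://[^"]+)"')


def build_sample_pdf(urls):
    """Construct a minimal, uncompressed PDF with one /Link annotation per URL.

    No xref table, so strict readers will complain; it is only a fixture
    for the extraction below.
    """
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
    ]
    refs = []
    for num, url in enumerate(urls, start=5):
        refs.append(b"%d 0 R" % num)
        objs.append(
            b"%d 0 obj << /Type /Annot /Subtype /Link "
            b"/A << /S /URI /URI (%s) >> >> endobj" % (num, url.encode("latin-1"))
        )
    objs.insert(2, b"3 0 obj << /Type /Page /Parent 2 0 R /Annots ["
                + b" ".join(refs) + b"] >> endobj")
    objs.append(b"4 0 obj << /Type /Metadata /Subtype /XML /Length %d >>\n"
                b"stream\n%s\nendstream\nendobj" % (len(XMP_PACKET), XMP_PACKET))
    return b"%PDF-1.4\n" + b"\n".join(objs) + b"\ntrailer << /Root 1 0 R >>\n%%EOF\n"


def extract_urls(pdf_bytes):
    """Return (channel, url) pairs; the channel says how the URL was reached."""
    found = []
    for m in URI_ACTION_RE.finditer(pdf_bytes):
        found.append(("link_annotation", m.group(1).decode("latin-1")))
    for m in XMLNS_RE.finditer(pdf_bytes):
        found.append(("xmp_namespace", m.group(1).decode("latin-1")))
    return found


def link_farm_verdict(pdf_bytes, max_size=100 * 1024, min_links=20, min_host_share=0.8):
    """Score only the clickable channel: small file, many links, one dominant host."""
    links = [u for ch, u in extract_urls(pdf_bytes) if ch == "link_annotation"]
    parsed = [urlparse(u) for u in links]
    hosts = Counter(p.hostname for p in parsed if p.hostname)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(links) if links else 0.0
    return {
        "size": len(pdf_bytes),
        "link_count": len(links),
        "pdf_targets": sum(1 for p in parsed if p.path.lower().endswith(".pdf")),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "fires": len(pdf_bytes) <= max_size and len(links) >= min_links and share >= min_host_share,
    }


if __name__ == "__main__":
    # Constructed farm: 40 .pdf links plus the bare host, all on one domain.
    farm = build_sample_pdf(
        ["http://www.gorillawalker.com/doc-%02d.pdf" % i for i in range(40)]
        + ["http://www.gorillawalker.com"]
    )
    for channel, url in extract_urls(farm)[-4:]:
        print(channel, url)
    print(link_farm_verdict(farm))
```

The namespace URIs come out labelled `xmp_namespace` and never reach the scoring function, which is the point of labelling per channel: a three-link document with references to w3.org, purl.org and ns.adobe.com in its metadata is not a link farm, while forty same-host `.pdf` links in a few kilobytes is.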