Malicious PDF — malware analysis report

Static analysis result for SHA-256 ffd8c7d8f3c8d633…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-11-30 20:55:50 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 11.0)
MD5: 1c6e0e6f54dd4b34093a3edca91df5c1
SHA-1: 4b9e0e2d45b8e831c59bc51eefd340ba930e737e
SHA-256: ffd8c7d8f3c8d633e86754ad51d995c509b052eea9815b5297204b9803064a70
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to distribute traffic to numerous external PDF documents hosted on www.gorillawalker.com. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL: Embedded URL info
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.