Malicious PDF — malware analysis report

Static analysis result for SHA-256 009561079650f77d…

MALICIOUS

PDF

  • Size: 43.6 KB
  • Created: 2018-12-15 20:07:37 +03:00
  • Authoring application: soft Xpansion Perfect PDF 5 Premium (via PDF Xpansion 5.7.8)
  • MD5: 5c36bc8730a151934287e74635604439
  • SHA-1: 7e036a3cf025eef31964685b2cc26ba27620c806
  • SHA-256: 009561079650f77de2b99910af03a9d569e245d157726fad002da56e6db26c9d
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a large volume of content, potentially malicious. The ML classifier also flagged the PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8859)

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.