Malicious PDF — malware analysis report

Static analysis result for SHA-256 01460c122396635b…

MALICIOUS

PDF

Size: 41.2 KB
Created: 2018-11-14 08:34:27 +03:00
Authoring application: Acrobat Elements 10.0.0 (Windows)
MD5: de807f8e0eb9c1bb20047581e166993d
SHA-1: ad38292e426a56bf04404b614c8705dde70f424f
SHA-256: 01460c122396635b23b75c9c81548e97c3f0ef16a4ba013fe6bdcbfe3f1e649d
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to other PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of malicious documents. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.