Malicious PDF — malware analysis report

Static analysis result for SHA-256 02a1a848344c79bb…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-11-15 18:31:53 +03:00
Authoring application: PDFCreator Version 1.5.1 (via GPL Ghostscript 9.05)
MD5: df251c1df7b5c217522bd03d89b2bb51
SHA-1: a383dfdc76bdf903c3dda53c29626b040f2d22db
SHA-256: 02a1a848344c79bbafdda23bddae3c1d289a8fbeb139bc11424d8ecddd509ece
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of malicious documents. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific intent beyond the URL distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.