Malicious PDF — malware analysis report

Static analysis result for SHA-256 033b55cea0a18e8c…

MALICIOUS

PDF

42.4 KB
Created: 2019-01-06 08:14:45 +03:00
Authoring application: Adobe Acrobat Pro 11.0.0
MD5: dbd9ed0ec34f95fb56b3429b55e5adf0
SHA-1: 4ba5e1da49599d19080e91f7a0e9c08473c3615a
SHA-256: 033b55cea0a18e8c14db10ef10ba4c7bf7e9cb63e0f325f3a9832f8e4b6b4a42
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.