Malicious PDF — malware analysis report

Static analysis result for SHA-256 04351025f325b0e1…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2019-04-04 10:02:07 +03:00
Authoring application: Adobe Illustrator CS5.1 (via GPL Ghostscript 9.10)
MD5: 26e126c8a5a3648b979f957ea0654847
SHA-1: 5bf7438d33e5b85af88fc0f026d7d9f98c57bda1
SHA-256: 04351025f325b0e1bf26c5989cfe759f2395fcb924e37f6fc9831ec77036ccfc
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded links to external PDF files hosted on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious, supporting this assessment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.