Malicious PDF — malware analysis report

Static analysis result for SHA-256 0496a932f3541a25…

MALICIOUS

PDF

43.4 KB
Created: 2018-11-14 08:15:49 +03:00
Authoring application: AH Formatter V5.3 MR1 for Windows (via Acrobat Distiller 8.1.0 (Windows))
MD5: b76bf18c3737713c6306afddda686d77
SHA-1: c1e1f58ceb496a078a721131190493fe4c8fe909
SHA-256: 0496a932f3541a25b36a10dc8b4c52eacf7df808490556065cfdf6c6ef6ce12a
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm or SEO manipulation tactic, and the sheer volume suggests a malicious intent to distribute or redirect users. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.