Malicious PDF — malware analysis report

Static analysis result for SHA-256 05f1d36f430a8ae2…

MALICIOUS

PDF

Size: 43.4 KB
Created: 2018-11-30 20:30:22 +03:00
Authoring application: XPP (via Adobe Acrobat Pro DC 15.23.20053)
MD5: fb64e862e78cc3f7c991a0e7ba80b9b5
SHA-1: f0ae3798b7ca7a1ac5292603bba2efa11f021b14
SHA-256: 05f1d36f430a8ae22a1111c1c3adb316068b1c4ab7cdfab39d9bbab7260a9af7
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on gorillawalker.com, suggesting a link farm or SEO manipulation tactic. The ML classifier also flagged the document as malicious. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.