Malicious PDF — malware analysis report

Static analysis result for SHA-256 065505e106c364a4…

MALICIOUS

PDF

Size: 38.7 KB
Created: 2018-12-02 10:56:05 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 5.0.5 (Windows))
MD5: a15ada89a3ae777f7d93a50f54123adf
SHA-1: a19c860faf9234b79290a7ef3c864742de56f6a9
SHA-256: 065505e106c364a4da2657979f1e14b0acccb42531834744367d3268a5451e81
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. Although no scripts were explicitly extracted, the heuristic 'PDF_SEO_LINK_FARM' strongly suggests malicious intent. The ML classifier also flagged the PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8500)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.