Malicious PDF — malware analysis report

Static analysis result for SHA-256 06c5a5499aea222b…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2019-04-04 20:53:54 +03:00
Authoring application: C2 v4.2.0220 build 670 - c2_rendition_config : Techlit_Active (via Acrobat Distiller 10.0.0 (Windows); modified using iText 2.1.7 by 1T3XT)
MD5: 58d36f7c36c3dcd5699eb7b09a11c900
SHA-1: 4db41e197c34f7414a3e2fdb0b14a54e0b3808ea
SHA-256: 06c5a5499aea222b36f98032aa5155435ac8dc5c3b55debda4ad7cd736fce057
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary goal appears to be directing users to a vast collection of linked PDFs hosted on gorillawalker.com, potentially for SEO manipulation or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8452)

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.