Malicious PDF — malware analysis report

Static analysis result for SHA-256 072ab980df8a573b…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2018-11-14 11:23:10 +03:00
Authoring application: doPDF Ver 7.2 Build 376 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: 4ed002baac42fa8cec47419a018a3820
SHA-1: e0cc47a6b38c2d5ec99ab00d5494793a0f170c57
SHA-256: 072ab980df8a573bf6b676ca1d09827583a53923befcf816595fb9cfb3a1219c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged the PDF as malicious, supporting this assessment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.