Malicious PDF — malware analysis report

Static analysis result for SHA-256 0829bf53b1509419…

MALICIOUS

PDF

Size: 42.0 KB
Created: 2018-12-15 08:52:28 +03:00
Authoring application: - (via Adobe Acrobat 10.0 Paper Capture Plug-in)
MD5: dbf025ed089dc92b86d8fee390e2160b
SHA-1: f40392d75259c9f13d8e92ee4f866be9fbbc2ded
SHA-256: 0829bf53b1509419b3633cb22d6934194c49bf19976709dceefc8a2cc914319e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, primarily hosted on 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.