Malicious PDF — malware analysis report

Static analysis result for SHA-256 0ae6904fdd527687…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-12-15 20:07:56 +03:00
Authoring application: - (via Foxit Phantom Printer Version 3.0.3.0804)
MD5: c4f89410e8a0f9bca8239e70632b4bba
SHA-1: d0aa368f7b207844c705c10c65132b4f24e6acbd
SHA-256: 0ae6904fdd527687d3711bb4feec6f012f55f412f2390a5bbfb78cd77c499946
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to PDF files on the domain 'gorillawalker.com'. This pattern is indicative of a link farm, often used for SEO manipulation or to distribute a large volume of content, potentially including malicious payloads. While no scripts were explicitly extracted, the heuristic 'PDF_SEO_LINK_FARM' strongly suggests this behavior. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.