Malicious PDF — malware analysis report

Static analysis result for SHA-256 0c1db9a056fc037b…

MALICIOUS

PDF

Size: 46.6 KB
Created: 2018-11-14 11:22:44 +03:00
Authoring application: Adobe InDesign CS5 (7.0.3) (via Adobe PDF Library 9.9)
MD5: 42cb3da804d4af0220670be26dbb1d7d
SHA-1: b73ab0054ac86782e33b96539c79a3617db98747
SHA-256: 0c1db9a056fc037b00e0fe84bdab9146fddc63a0a97a386f3ad470ef8c2bb8e9
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7752

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.