Malicious PDF — malware analysis report

Static analysis result for SHA-256 0e464af7855a2dee…

MALICIOUS

PDF

Size: 39.4 KB
Created: 2018-12-15 20:01:15 +03:00
Authoring application: Data Dynamics ActiveReports (tm) for .NET
MD5: e90409b3516a2414238e5eee823fa5cb
SHA-1: 579424fbe4819957ec5387befef720b4a31265b9
SHA-256: 0e464af7855a2deee9cd0ff2affdcc765e8fcfff8eb4e91e0720f2d893516aa8
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm or SEO manipulation tactic, and potentially a method to distribute further malicious content or redirect users to phishing sites. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9002

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.