Malicious PDF — malware analysis report

Static analysis result for SHA-256 0eb9aaa914f21b9c…

MALICIOUS

PDF

  • Size: 42.9 KB
  • Created: 2019-04-03 18:17:41 +03:00
  • Authoring application: DVIPSONE 2.2.4 http://www.YandY.com (via Acrobat Distiller 7.0.5 (Windows))
  • MD5: b78ea553d95b821cead573854b78a1dd
  • SHA-1: dcb425128eefa85001d3c668f0562f16df5f600d
  • SHA-256: 0eb9aaa914f21b9ca0b51ad3105132df8b5a1810ebb6d60aa0994b5bd9b90717
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded links to external PDF files, primarily hosted on 'gorillawalker.com'. This pattern is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged this document as malicious, supporting the suspicious nature of the embedded links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.