Malicious PDF — malware analysis report

Static analysis result for SHA-256 0ed6f8098ceea37d…

MALICIOUS

PDF

Size: 32.5 KB
Created: 2019-05-18 14:49:50 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 8.1.0 (Windows))
MD5: 6bce1964762c388345c9a8fcf75c7f3c
SHA-1: 966e5f7f80db73d0d98a72ff5271e07712dff6eb
SHA-256: 0ed6f8098ceea37d38499c14dbb98a3618ef7f6a6c79c55454b018d5ef86cb29
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded links to external PDF files hosted on 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.