Malicious PDF — malware analysis report

Static analysis result for SHA-256 0edb9d0d9dbad783…

MALICIOUS

PDF

Size: 44.4 KB
Created: 2019-03-17 07:51:41 +03:00
Authoring application: Acrobat PDFMaker 11 for Word (via Acrobat Distiller 11.0 (Windows))
MD5: 12bf42aba734a312a2f11ae4e98484f1
SHA-1: d2f6e83fac43c878b381f4f076df566c39d6705e
SHA-256: 0edb9d0d9dbad78394d7670e8bf21072b6fff58d75083cc94b2972795377465e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files hosted on 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content disguised as legitimate documents. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.