Malicious PDF — malware analysis report

Static analysis result for SHA-256 0fceff4e928c3a67…

MALICIOUS

PDF

Size: 44.7 KB
Created: 2019-03-16 14:27:14 +03:00
Authoring application: Adobe InDesign CC 2014 (Windows) (via Adobe PDF Library 11.0)
MD5: 6218c40126e492d7f7661326cceb9f46
SHA-1: b4941b309f84d565f7bb28347d63be04d1fe50de
SHA-256: 0fceff4e928c3a6743cb4687497f14ccf9a1fdca48d732017470ff1babee032f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9005

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.