Malicious PDF — malware analysis report

Static analysis result for SHA-256 10019b13515dfbb8…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2018-12-28 08:09:08 +03:00
Authoring application: dvips(k) 5.99 Copyright 2010 Radical Eye Software (via Acrobat Distiller 9.4.5 (Windows))
MD5: 323d310eb834df39cdd2c3c034b961ea
SHA-1: 9c7e00ba1880dc18fee28439d6f26b55a18f7661
SHA-256: 10019b13515dfbb8b0026739d34b3727197929b278d3e51cb6c4f0fb87a918e2
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a large collection of documents on the domain 'gorillawalker.com', which is a common tactic for SEO manipulation or distributing further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9181)

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.