Malicious PDF — malware analysis report

Static analysis result for SHA-256 10c66c3c22175641…

MALICIOUS

PDF

Size: 41.2 KB
Created: 2018-12-11 20:45:16 +03:00
Authoring application: - (via Acrobat Distiller Daemon 3.0 for Solaris 2.3 and later (SPARC))
MD5: c6efe5cebc9574a581945623a82b0d00
SHA-1: 96b76d79d9c5848023f6ffd25335dae8c86cdc51
SHA-256: 10c66c3c22175641df153b7d1826f4ed2b1bb137c6324726fcf6837e806d06cd
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged the PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.