Malicious PDF — malware analysis report

Static analysis result for SHA-256 10f69905183feb98…

MALICIOUS

PDF

Size: 45.9 KB
Created: 2018-12-11 20:44:45 +03:00
Authoring application: Microsoft Word 8.0 (via Acrobat Distiller 4.0 for Windows)
MD5: fd7fcfbb906f8d1dae9566916f3da640
SHA-1: 49d9929ccdf2880cf472dc36fbefacc3e706d6f4
SHA-256: 10f69905183feb98cf65202f70daa249014bfb89e1aa85901de3baa9fc2f74cd
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8640

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.