Malicious PDF — malware analysis report

Static analysis result for SHA-256 11c61a206e196981…

MALICIOUS

PDF

  • Size: 43.4 KB
  • Created: 2019-03-17 06:33:18 +03:00
  • Authoring application: PageMaker 6.5 (via Acrobat Distiller 3.01 for Windows)
  • MD5: 67ab53f726b7d35948f78899b1f98f54
  • SHA-1: 8ea7682d02ed6db7ce99747f34634a6c90ed8794
  • SHA-256: 11c61a206e196981d5541efee8cb36a86b5241ab026b1cc3fc63059565a71332
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely intended for SEO manipulation or to serve as a distribution point for further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.