Malicious PDF — malware analysis report

Static analysis result for SHA-256 1217ccea4da2ce14…

MALICIOUS

PDF

42.0 KB
Created: 2019-03-16 15:21:10 +03:00
Authoring application: pdfTeX-1.40.14 (via Revision 5)
MD5: d36958f4f28184d6498c41f7d1cc4cce
SHA-1: 3e72f4dc6089d2120bfbec18f458395731cee359
SHA-256: 1217ccea4da2ce14e70b2d29c999233b21a13a0eb9e054ba45d1e3aab00df6ba
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.