Malicious PDF — malware analysis report

Static analysis result for SHA-256 1488ac849da5aa45…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2019-04-07 18:02:38 +03:00
Authoring application: - (via PDFlib Personalization Server 5.0.1 (COM/Win32) unlicensed)
MD5: 784684257998c4fa3816540e3eab9855
SHA-1: dc03130539bd9b91d2ccff238232a5cebd822903
SHA-256: 1488ac849da5aa45cdc134af1fa10c9e62455f0da69ddff807cef7d82760af00
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malware. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.