Malicious PDF — malware analysis report

Static analysis result for SHA-256 156f660d0a6433a6…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2018-11-26 20:09:25 +03:00
Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 3.0 for Windows)
MD5: a0cf034c5c869c89d616e12e6bbdda15
SHA-1: fa73eb1acd8f288544b3104b669c1e97c75d8067
SHA-256: 156f660d0a6433a6d3d7e9951c0b862dc5c720ed8e150c224bab42bacab1a6e8
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.