Malicious PDF — malware analysis report

Static analysis result for SHA-256 16171a4392a4b057…

MALICIOUS

PDF

Size: 41.7 KB
Created: 2018-11-23 08:00:20 +03:00
Authoring application: Adobe Acrobat Pro 11.0.18 (via Adobe PDF Library 11.0)
MD5: 49f08b706cdff0cf6fbfdfe1f7b321ef
SHA-1: 7bc0562b288761b8f53c7752eaecd05177c3eecf
SHA-256: 16171a4392a4b057537bf711fb60135bae6c78df1b9509685e371f822023f5ff
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files hosted on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8872)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.