Malicious PDF — malware analysis report

Static analysis result for SHA-256 1817139dc44d0e39…

MALICIOUS

PDF

Size: 46.5 KB
Created: 2018-12-07 18:28:01 +03:00
Authoring application: PDFCreator Version 0.9.8 (via GPL Ghostscript 8.64)
MD5: 423265803a9aca0219232e9ad2546bc4
SHA-1: abf0e4aeb71ae7bfc6a3d4f82e8403165b8c555e
SHA-256: 1817139dc44d0e39563f06d594256f1d645dc91f311aa77d487dbc11912a6b8f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm or a method to distribute multiple malicious documents. While no scripts were explicitly extracted, the heuristic 'PDF_SEO_LINK_FARM' strongly suggests the document's purpose is to generate traffic or distribute content via these links. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.