Malicious PDF — malware analysis report

Static analysis result for SHA-256 1a96c3fde9a3f032…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-11-15 19:34:33 +03:00
Authoring application: AH XSL Formatter V6.2 MR5 for Windows (x64) : 6.2.7.18952 (via Antenna House PDF Output Library 6.2.625 (Windows (x64)))
MD5: cf2f7e05c7bfb120d80354261ee79945
SHA-1: fc678d888c0d52753f34fce6f3e4d3ea972f40b5
SHA-256: 1a96c3fde9a3f032551f9d33d7907f2e96d1565aa4d3ab8d8db8cafa9c689169
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the embedded URLs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.