Malicious PDF — malware analysis report

Static analysis result for SHA-256 1c50c8b3f1babe6a…

MALICIOUS

PDF

  • Size: 39.6 KB
  • Created: 2018-12-02 10:57:11 +03:00
  • Authoring application: QuarkXPress(R) 7.01
  • MD5: e339a93f22a31d2d2204dbced65dee45
  • SHA-1: 4b017d37dbdef76e9f7ea1d188f621526a6da58b
  • SHA-256: 1c50c8b3f1babe6ae50dbffb12a35532d82d63d15c732acf82cdfb55854e0627
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or as a distribution vector for further malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.