Malicious PDF — malware analysis report

Static analysis result for SHA-256 1ca16b6c6676919a…

MALICIOUS

PDF

42.2 KB
Created: 2019-03-17 08:16:11 +03:00
Authoring application: Adobe Acrobat 6.02 (via Adobe Acrobat 6.0)
MD5: 98c1c09c36b1096295a77e2f689ff94f
SHA-1: 5df67ef7a1f8362378d081428bcce80406c15cb1
SHA-256: 1ca16b6c6676919a0d3850ff4dda92587083a6d36076e04a6c5a065e9031c039
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body confirms the presence of numerous links to external PDF files hosted on www.gorillawalker.com. This suggests a link farm or SEO manipulation tactic, potentially to distribute malicious content or drive traffic to compromised sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.