Malicious PDF — malware analysis report

Static analysis result for SHA-256 1f4d93c3d3b51bce…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2018-12-14 20:04:09 +03:00
Authoring application: PrimoPDF http://www.primopdf.com/ (via PrimoPDF)
MD5: 95c428f5e6ebf2c05b6e8400107ac567
SHA-1: dc09116731a0fe82f9a836501f45be7b54fb31d8
SHA-256: 1f4d93c3d3b51bced08702bb81153ca9539df51e9bb7a06a74af258256186f83
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The critical PDF_SEO_LINK_FARM heuristic indicates the presence of a large number of external links within the PDF. The ML classifier also flagged this PDF as malicious. The embedded URLs point to various PDF documents hosted on gorillawalker.com, suggesting a link farm or content distribution strategy. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.