Malicious PDF — malware analysis report

Static analysis result for SHA-256 1fe2add09770e5ea…

MALICIOUS

PDF

Size: 45.9 KB
Created: 2019-02-13 19:54:13 +03:00
Authoring application: dvipsk 5.58f Copyright 1986, 1994 Radical Eye Software (via Acrobat Distiller 3.0 f r Macintosh)
MD5: c26b848aed8f501b54c7ec4e578ca67b
SHA-1: ac120b9bd3f95f254b5c12b8625af70ed2c43240
SHA-256: 1fe2add09770e5eac4e08b1737d653850cdab96aa4b74810128d2fb381147182
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files hosted on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of potentially malicious documents. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific attack pattern beyond link distribution.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.