Malicious PDF — malware analysis report

Static analysis result for SHA-256 225a63de15b81553…

MALICIOUS

PDF

44.3 KB
Created: 2018-12-15 08:15:32 +03:00
Authoring application: dvips 5.83 (MiKTeX 1.20b) Copyright 1998 Radical Eye Software (via Acrobat Distiller 4.0 for Windows)
MD5: 8814262f7208a1ec1c033bfa8b4fb6b2
SHA-1: 219ee8432fb276389e1a9bfb2331fe7b05faaa72
SHA-256: 225a63de15b81553ddcd723a554ced5d2993dfdd4e1a7d7d8b47bf39deb7f08a

Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of external PDF links, suggesting a link farm or SEO poisoning attempt. The embedded URLs point to various PDF documents hosted on gorillawalker.com, likely serving as a distribution or redirection mechanism.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.