Malicious PDF — malware analysis report

Static analysis result for SHA-256 30a8a2d49277f5d9…

MALICIOUS

PDF

Size: 40.1 KB
Created: 2018-12-14 20:07:22 +03:00
Authoring application: dvipsk 5.58f Copyright 1986, 1994 Radical Eye Software (via Acrobat Distiller 3.0 f r Macintosh)
MD5: 806dd8a08f8cda39447a08e8947f623b
SHA-1: 8cce52c394ca374186a79b692fa8d8ce2d20d573
SHA-256: 30a8a2d49277f5d95c2a38474962af3c3b962576082893c85935eed79809781f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file contains a large number of embedded links to external PDF documents hosted on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a wide array of potentially malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.