Malicious PDF — malware analysis report

Static analysis result for SHA-256 37126b4da3b915cd…

MALICIOUS

PDF

Size: 42.3 KB
Created: 2018-12-02 20:18:04 +03:00
Authoring application: - (via Adobe Acrobat 10.0 Paper Capture Plug-in)
MD5: d8e3b56532f613abcc7df98796e832f7
SHA-1: e07a820d469762e9bf4e569cdacaa075f4621549
SHA-256: 37126b4da3b915cd693df0a05a6b77fbfda8a28d716c8bbfd2e7d489bab57d99
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDFs hosted on www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.