Malicious PDF — malware analysis report

Static analysis result for SHA-256 386ce80911f077e0…

MALICIOUS

PDF

  • Size: 44.0 KB
  • Created: 2018-11-14 11:21:01 +03:00
  • Authoring application: - (via Acrobat PDFWriter 3.02 for Windows NT)
  • MD5: e030e1013b5e3209605a87eb55e5dd8e
  • SHA-1: 96fb34b0b2091d1ecc058bf2ff97edeb256f1382
  • SHA-256: 386ce80911f077e09e224878d50fc12d7bd320099673183569193a975c8b3196
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of embedded external links, suggesting a link farm or distribution mechanism. The embedded URLs point to various PDF documents hosted on gorillawalker.com, indicating a potential SEO manipulation or content distribution scheme.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.