Malicious PDF — malware analysis report

Static analysis result for SHA-256 3ddf0aa1ac8dad62…

MALICIOUS

PDF

Size: 33.6 KB
Created: 2020-01-17 19:19:41 +03:00
Authoring application: Word (via Acrobat PDFMaker 15 for Word)
MD5: a6310285b49655e0a27cdc708e0bc1a3
SHA-1: 491e1ee58e7bae8c3ee69bb0d9e017d17e0deb70
SHA-256: 3ddf0aa1ac8dad62338e799ee2dc63b01ff12694e96c6da8de5d2dd56ad6c7cf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.