Malicious PDF — malware analysis report

Static analysis result for SHA-256 40a6bf37b9f0f6cc…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2018-11-26 20:07:09 +03:00
Authoring application: Adobe Acrobat 7.0 (via Adobe Acrobat 7.0 Image Conversion Plug-in)
MD5: 5ff9b505a24a1e0c06cca644d38bf2eb
SHA-1: 43842f2c16bbfc47221ded3e78cc0bce7955e655
SHA-256: 40a6bf37b9f0f6cc93aff048cd68f110e5dd546a54ce2c0d764851a863528e1f
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, characteristic of a PDF SEO link farm. The primary purpose appears to be to link to numerous PDF documents hosted on gorillawalker.com, likely for search engine optimization or to distribute content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.