Malicious PDF — malware analysis report

Static analysis result for SHA-256 41a35458568598c5…

MALICIOUS

PDF

42.3 KB Created: 2018-11-30 01:48:54 +03:00 Authoring application: Adobe Acrobat 8.13 (via Adobe Acrobat 8.13 Image Conversion Plug-in)
MD5: 298618236643a8a1fc2af1e210ebf2c5 SHA-1: 34b0e0e73b310462b800fd2adfa0a0a8a6921200 SHA-256: 41a35458568598c5320da00592575a85d393c5b05d90dadd35b5718a6cefa2c6
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. These links all point to the same domain, www.gorillawalker.com. The ML_NYX_PDF_MALICIOUS heuristic also flagged the file as malicious. The embedded URLs suggest a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious, to unsuspecting users.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/alcina-hwv-34-overture-oboe-1-part-qty-4-a8955.pdf
    • http://www.gorillawalker.com/made-in-los-angeles-materials-processes-and-the-birth-of.pdf
    • http://www.gorillawalker.com/viking-pirates-and-christian-princes-dynasty-religion-and-empire-in.pdf
    • http://www.gorillawalker.com/our-reunion.pdf
    • http://www.gorillawalker.com/the-bible-where-do-you-find-it-and-what-does.pdf
    • http://www.gorillawalker.com/temporary-permanence-my-life-in-america-based-on-experiences-of.pdf
    • http://www.gorillawalker.com/70-412-configuring-advanced-windows-server-2012-services-r2-lab.pdf
    • http://www.gorillawalker.com/the-dirtiest-girl-in-london-a-cj-erotic-quickie.pdf
    • http://www.gorillawalker.com/sugar-creek-1-tessa-s-chosen-sugar-creek-1-siren.pdf
    • http://www.gorillawalker.com/london-louise-nicholson-s-definitive-guide.pdf
    • http://www.gorillawalker.com/i-d-rather-we-got-casinos-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/designs-in-nature-the-incredible-art-of-ernst-haeckel.pdf
    • http://www.gorillawalker.com/the-lean-change-method-managing-agile-organizational-transformation-using-kanban.pdf
    • http://www.gorillawalker.com/through-the-british-museum-with-the-bible-day-one-travel.pdf
    • http://www.gorillawalker.com/trizophrenia-inside-the-minds-of-a-triathlete.pdf
    • http://www.gorillawalker.com/advances-in-decision-analysis-from-foundations-to-applications.pdf
    • http://www.gorillawalker.com/bonnets-and-bugles-series-kindle-edition.pdf
    • http://www.gorillawalker.com/the-grandfather-clause.pdf
    • http://www.gorillawalker.com/the-invisible-man-a-grotesque-romance-campfire-graphic-novels.pdf
    • http://www.gorillawalker.com/selected-urdu-poetry-ahmed-faraz-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/mla-guidelines.pdf
    • http://www.gorillawalker.com/the-mechanism-of-bolt-loading-sudoc-nas-1-15-108377.pdf
    • http://www.gorillawalker.com/the-law-of-the-land-kindle-edition.pdf
    • http://www.gorillawalker.com/the-roads-to-congress-2010.pdf
    • http://www.gorillawalker.com/pig-keeping-manual.pdf
    • http://www.gorillawalker.com/unmasking-the-lone-ranger.pdf
    • http://www.gorillawalker.com/2g-n-42-hildundk-2g-international-architecture-review-series-spanish.pdf
    • http://www.gorillawalker.com/sikorsky-h-34-an-illustrated-history-schiffer-military-aviation-history.pdf
    • http://www.gorillawalker.com/the-rogue-s-march-john-riley-and-the-st-patrick.pdf
    • http://www.gorillawalker.com/a-book-of-set-theory-dover-books-on-mathematics.pdf
    • http://www.gorillawalker.com/saving-the-world-turtleback-school-library-binding-edition-best-of.pdf
    • http://www.gorillawalker.com/cambridge-igcse-german-foreign-language.pdf
    • http://www.gorillawalker.com/modern-dance-techniques-and-teaching.pdf
    • http://www.gorillawalker.com/albert-einstein-creator-and-rebel.pdf
    • http://www.gorillawalker.com/how-shall-we-reach-them-defending-and-communicating-the-christian.pdf
    • http://www.gorillawalker.com/3-pi-ces-pour-orchestre-op-96-valse-lyrique-no.pdf
    • http://www.gorillawalker.com/2-episoden-aus-lenau-s-faust-s-110-der-tanz.pdf
    • http://www.gorillawalker.com/fuzzy-modeling-with-spatial-information-for-geographic-problems.pdf
    • http://www.gorillawalker.com/blaze-midnight-fire-volume-3.pdf
    • http://www.gorillawalker.com/step-aside-pops-a-hark-a-vagrant-collection.pdf
    • http://www.gorillawalke
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.