Malicious PDF — malware analysis report

Static analysis result for SHA-256 42e73f1e0a2f4002…

MALICIOUS

PDF

41.5 KB
Created: 2018-12-14 20:22:12 +03:00
Authoring application: Adobe InDesign CS2_J (4.0.5) (via Adobe PDF Library 7.0)
MD5: cd379882d159771f2d5d98b31cad47a7
SHA-1: 295f4d83a394a06d6c8aff7f9743ef5224b33054
SHA-256: 42e73f1e0a2f400213743a9e9f0e3015ced2a80e6a3681dc90caaca0e3e633dd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document was flagged by a machine learning classifier as malicious. It contains a large number of external links, specifically 32, pointing to various PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely intended to manipulate search engine rankings or to serve as a lure for users to download further malicious content. No scripts were extracted, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.