Malicious PDF — malware analysis report

Static analysis result for SHA-256 446f9bd91ccb1474…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2019-03-19 15:26:08 +03:00
Authoring application: - (via Acrobat Distiller 15.0 (Windows))
MD5: 26f04926e69d03a69f3215d32c53a747
SHA-1: 2bc65dec046b5862690a8c83451f910a4b1e9aa1
SHA-256: 446f9bd91ccb147446ecc744589a7ab7236c0e2508b805603f941a8189777fbd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a significant number of embedded links to external PDF files hosted on www.gorillawalker.com. This behavior is indicative of a link farm, often used to manipulate search engine rankings or to distribute malicious content. While no scripts were extracted, the sheer volume of links suggests malicious intent to redirect users to potentially harmful resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.