Malicious PDF — malware analysis report

Static analysis result for SHA-256 49f127995c01181a…

MALICIOUS

PDF

Size: 44.7 KB
Created: 2018-11-26 20:12:27 +03:00
Authoring application: Adobe Acrobat Pro 11.0.18 (via Adobe PDF Library 11.0)
MD5: 9d8c4d79fd93d93a8d11570ae98e5a68
SHA-1: e4c0a3386590a0c0ddf7f0234f770d12a3c44eae
SHA-256: 49f127995c01181a661554d3eff9e0d935923d9b1bcc22b374516815b34471c5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, which triggered the 'PDF_SEO_LINK_FARM' heuristic. These links point to various PDF documents hosted on www.gorillawalker.com. The ML classifier also flagged this PDF as malicious. The primary attack pattern is to direct users to a collection of links, likely for SEO manipulation or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.