Malicious PDF — malware analysis report

Static analysis result for SHA-256 52c564a27a2bece9…

MALICIOUS

PDF

Size: 42.0 KB
Created: 2019-02-13 22:34:32 +03:00
Authoring application: AdobePS5.dll Version 5.0.1 (via Acrobat Distiller 4.0 for Windows)
MD5: a1effde75f3ec517ba2a48bd5bb4d5a8
SHA-1: ff9ece3fd6e30666e59fbc220e36c6cc417175c9
SHA-256: 52c564a27a2bece96b9bd1622e8eab1925bac72c615a40833f424a1d5a4f1a5f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, all hosted on the same domain (www.gorillawalker.com). This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of potentially malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.