Malicious PDF — malware analysis report

Static analysis result for SHA-256 5d039c72632cbee5…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-12-03 16:34:58 +03:00
Authoring application: - (via Acrobat Distiller 5.0.5 (Windows))
MD5: 8508b5be45bd31a045e2a6feffb27ad0
SHA-1: 58e9552315ac51baaceaa79372f3735b2eaf88ce
SHA-256: 5d039c72632cbee55fae9285946cf217054aad858eb147b54d819d037090b2b5
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content disguised as legitimate documents. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.