Malicious PDF — malware analysis report

Static analysis result for SHA-256 5e62d7eba7c8b69f…

MALICIOUS

PDF

Size: 44.5 KB
Created: 2018-11-15 18:31:26 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 10.1.15 (Windows))
MD5: bc1259691e9763f33a8ba29cc497100b
SHA-1: 4c30aed6c41edf73b3fdd13b56451f4035ceedd6
SHA-256: 5e62d7eba7c8b69f837c808bf643915aa82b4d1aa5f38d9645eb2748fac51c9c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files hosted on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a large volume of content, potentially including malicious payloads. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.