Malicious PDF — malware analysis report

Static analysis result for SHA-256 5f8283ca9500bf10…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2018-12-15 21:26:03 +03:00
Authoring application: ABBYY FineReader 8.0 Professional Edition
MD5: 47c10894f2d28e8ffe727493d46b09b4
SHA-1: ff48e07120aaf4ccc729eb18cf42205c99d0fbfe
SHA-256: 5f8283ca9500bf100a528a452d0c6e8dba6af1ac4153063f5eb8e6a28acd7899
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9181)

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.