Malicious PDF — malware analysis report

Static analysis result for SHA-256 5fe19c1dd84c1ddb…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2019-04-08 04:53:23 +03:00
Authoring application: Adobe Acrobat Pro 11.0.18 (via Adobe PDF Library 11.0)
MD5: 0f474ed5da231ec47fbb1e1fe8a0dfa4
SHA-1: 4b5a7ff44bb023153e8025c0115f7ab7e381b878
SHA-256: 5fe19c1dd84c1ddb87b9c94801cb18b338fd7a351fc05ddb21735fb246e8b052
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a large volume of content, potentially malicious. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.