Malicious PDF — malware analysis report

Static analysis result for SHA-256 60aaade5786adcd2…

MALICIOUS

PDF

  • Size: 41.3 KB
  • Created: 2018-11-30 20:34:27 +03:00
  • Authoring application: - (via Xerox Fiery DC250 2.0[EFI Cyclone])
  • MD5: 40c414c83b4a4ca886a97bdae4423030
  • SHA-1: 8b00a0f084316d7be543a068c5050e32715e2756
  • SHA-256: 60aaade5786adcd2edddbc764a205a347011b37fbf7e4c99e84750c2ef815372
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely intended for SEO manipulation or to serve as a distribution point for further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8856

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.