Malicious PDF — malware analysis report

Static analysis result for SHA-256 60fea4f22de19e2c…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2018-12-15 20:07:44 +03:00
Authoring application: Acrobat PDFMaker 10.1 для Word (via Adobe PDF Library 10.0)
MD5: 4cd303d14d25fe3f34a32afbea1c6d1f
SHA-1: 34ec2938376b71299938d214c2b6fc3186ec3c81
SHA-256: 60fea4f22de19e2caec9c45b76d6fe0f90d70d097e1350ecdbedb22021e3221c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.