Malicious PDF — malware analysis report

Static analysis result for SHA-256 62166fca8b93d222…

MALICIOUS

PDF

Size: 41.7 KB
Created: 2018-11-30 20:34:26 +03:00
Authoring application: PDFCreator Version 0.9.8 (via GPL Ghostscript 8.64)
MD5: 5b18bc64e07f10e8f4a3f361341403b9
SHA-1: 71164ad864eef0118006879ba4353f39a8afd4e9
SHA-256: 62166fca8b93d222e38d4a4e861551ecfbdf0feaa509f685e2d4858511348c76
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content disguised as legitimate documents. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9002

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.