Malicious PDF — malware analysis report

Static analysis result for SHA-256 647c0f53adf33fa2…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2018-12-14 20:47:05 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 8.0.0 (Windows))
MD5: b049fe11d0c4ac002ef241f8e04e3111
SHA-1: d3aa26a7cde5aaaf950f26d4b5764fe3c19b921b
SHA-256: 647c0f53adf33fa200472e95cfcf41cf47b84cfeaa04e500e2aca069b302d156
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.