Malicious PDF — malware analysis report

Static analysis result for SHA-256 65012b4e2dd26fb0…

MALICIOUS

PDF

43.6 KB
Created: 2018-11-30 20:03:55 +03:00
Authoring application: God (via Robotic Despoiler 1.0 for Windoze)
MD5: 76e08de586392ea99dc1cb363e4cb134
SHA-1: e567aeaeb746d3d658ddcf98150e347ce6ec0cd3
SHA-256: 65012b4e2dd26fb062d82534f4b8dd86a20873644cbc2cc68e01f22e41f239e4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.