Malicious PDF — malware analysis report

Static analysis result for SHA-256 666c97786cf8d4b0…

MALICIOUS

PDF

Size: 45.5 KB
Created: 2018-11-26 08:36:40 +03:00
Authoring application: - (via ABBYY FineReader 11)
MD5: eb7f83e0020db245483558c259b8ff40
SHA-1: 8e04113ff8f23914efacd62687de1d257c39d368
SHA-256: 666c97786cf8d4b0024e53ba5373be6621d580a18b9486c189a3e29ed59bb880
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This is indicative of a link farm, potentially used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.