Malicious PDF — malware analysis report

Static analysis result for SHA-256 680add366ce58455…

MALICIOUS

PDF

Size: 47.1 KB
Created: 2019-04-11 11:51:02 +03:00
Authoring application: Adobe Acrobat 8.0 (via Adobe Acrobat 8.0 Image Conversion Plug-in)
MD5: 4c80c998015f9ae2835a292c266ab012
SHA-1: 509abee7cd9f5299f0329a75a99d6237d5d1f362
SHA-256: 680add366ce5845587f81a087187b555466e05fcb2ce469d1ca9420bdf6eed0c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely intended for SEO manipulation or to serve as a distribution point for further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8509

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.