Malicious PDF — malware analysis report

Static analysis result for SHA-256 69647020314f6bf4…

MALICIOUS

PDF

File size: 44.6 KB
Created: 2018-12-03 17:03:16 +03:00
Authoring application: Acrobat Elements 10.0.0 (Windows)
MD5: b79c7bb5eba321c17029de276f794a34
SHA-1: 3aa1d05aab514796b812c3d9cc46d0489b75bfef
SHA-256: 69647020314f6bf4a85f94f9abb1c12d5fcc576071bd46305e34eaf806b9cd59
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.