Malicious PDF — malware analysis report

Static analysis result for SHA-256 7208819da3b7da95…

MALICIOUS

PDF

Size: 41.4 KB
Created: 2018-12-14 20:07:20 +03:00
Authoring application: - (via Foxit Phantom Printer Version 3.0.3.0804)
MD5: 03eac3a718ac8e2a53f96f1ab02ad197
SHA-1: 4ad3d7f42362d975d3fdfa0d37b1eed4257ef8d0
SHA-256: 7208819da3b7da9596036812fe00d753b4ab7407fd405911b87ffc5d4cb55a00
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on 'gorillawalker.com'. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm, likely intended for SEO manipulation or to redirect users to potentially malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.