Malicious PDF — malware analysis report

Static analysis result for SHA-256 73fcbb6c96e50f67…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2019-02-13 20:36:54 +03:00
Authoring application: - (via Acrobat Distiller 2.0 for Macintosh)
MD5: ca2009edfd6e500840027905694cbfe1
SHA-1: 08abb16baf251e2ee5785cc263e54e9600817857
SHA-256: 73fcbb6c96e50f67184289c15c43f9acce22426c479f3dccb426b0620ac7f53f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.