Malicious PDF — malware analysis report

Static analysis result for SHA-256 76981ef108448d31…

MALICIOUS

PDF

45.1 KB
Created: 2019-03-17 11:01:25 +03:00
Authoring application: PDFCreator Version 0.9.8 (via GPL Ghostscript 8.64)
MD5: 8016e68394822d9bb3898f10e0c3672e
SHA-1: 6ab76aea7158b6a4910d15ddb10add408277e282
SHA-256: 76981ef108448d31b017aff22a06e1f0ea8b1cfc49b34dcf032ff8a871d724df
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, characteristic of a link farm or SEO manipulation tactic. The primary purpose appears to be directing users to a large collection of PDF files hosted on gorillawalker.com, likely as a distribution or redirection mechanism.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8600

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.