Malicious PDF — malware analysis report

Static analysis result for SHA-256 773f52505ab03a0d…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-12-15 20:46:47 +03:00
Authoring application: Adobe InDesign CS (3.0) (via Adobe PDF Library 6.0)
MD5: 5288e7426a8992aa964ade7abfedc4f1
SHA-1: 3f656c304a98bcafd6b9c48c6326f83a8390fc06
SHA-256: 773f52505ab03a0de6f48a076005bc6d7eb067950a07431d8f4b6cb9b743b277
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, potentially for SEO manipulation or to serve as a distribution point for further malicious content. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the embedded links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/the-momentum-factor-how-to-keep-your-team-motivated-through.pdf
    • http://www.gorillawalker.com/the-ancient-history-of-the-egyptians-carthaginians-assyrians-babylonians-medes.pdf
    • http://www.gorillawalker.com/auntie-mame-acting-edition.pdf
    • http://www.gorillawalker.com/one-flew-over-the-cuckoo-s-nest-penguin-classics-deluxe.pdf
    • http://www.gorillawalker.com/topical-antioxidant-soothes-shaving-irritation-ethnic-dermatology-an-article-from.pdf
    • http://www.gorillawalker.com/exponential-sums-and-differential-equations-am-124.pdf
    • http://www.gorillawalker.com/christians-udsigt-fra-et-fyr-tanker-og-tegninger-danish-edition.pdf
    • http://www.gorillawalker.com/financialization-in-crisis-historical-materialism-books-haymarket-books.pdf
    • http://www.gorillawalker.com/recorder-express.pdf
    • http://www.gorillawalker.com/digital-wedding-photography-art-business-style.pdf
    • http://www.gorillawalker.com/scotland-during-the-plantation-of-ulster-the-people-of-ayrshire.pdf
    • http://www.gorillawalker.com/invisible-kingdoms-jewish-tales-of-angels-spirits-and-demons.pdf
    • http://www.gorillawalker.com/visual-research-a-concise-introduction-to-thinking-visually.pdf
    • http://www.gorillawalker.com/mississippi-gulf-coast-biloxi-gulfport-pascagou-rand-mcnally-folded-map.pdf
    • http://www.gorillawalker.com/songs-for-while-i-m-away-the-words-and-lyrics.pdf
    • http://www.gorillawalker.com/the-railway-man-kindle-edition.pdf
    • http://www.gorillawalker.com/accidental-lily.pdf
    • http://www.gorillawalker.com/king-rocker.pdf
    • http://www.gorillawalker.com/essentials-of-geology-fourth-edition.pdf
    • http://www.gorillawalker.com/the-international-encyclopedia-of-physical-chemistry-and-chemical-physics-topic.pdf
    • http://www.gorillawalker.com/women-s-car-diy-if-you-need-something-done-do.pdf
    • http://www.gorillawalker.com/rare-earths-science-technology-production-and-use.pdf
    • http://www.gorillawalker.com/clara-finstere-vergangenheit-band-3-german-edition.pdf
    • http://www.gorillawalker.com/commentary-on-luke-spurgeon-commentary-series-kindle-edition.pdf
    • http://www.gorillawalker.com/new-improvements-of-lung-cancer-surgical-pathology-chinese-edition.pdf
    • http://www.gorillawalker.com/ship-models-from-kits-basic-and-advanced-techniques-for-small.pdf
    • http://www.gorillawalker.com/images-that-injure-pictorial-stereotypes-in-the-media.pdf
    • http://www.gorillawalker.com/the-pacific-crossing-guide-rcc-pilotage-foundation-with-ocean-cruising.pdf
    • http://www.gorillawalker.com/2001-professional-s-guide-to-purchase-and-sale-of-a.pdf
    • http://www.gorillawalker.com/japan-s-holy-war-the-ideology-of-radical-shinto-ultranationalism.pdf
    • http://www.gorillawalker.com/simple-narrative.pdf
    • http://www.gorillawalker.com/a-life-lived-outdoors-reflections-of-a-maine-sportsman.pdf
    • http://www.gorillawalker.com/always-a-yankee.pdf
    • http://www.gorillawalker.com/ferlinghetti-portrait.pdf
    • http://www.gorillawalker.com/operations-and-supply-management-the-core-operations-and-decision-sciences.pdf
    • http://www.gorillawalker.com/overcoming-runaway-blood-sugar-practical-help-for-people-fighting-fatigue.pdf
    • http://www.gorillawalker.com/the-worst-case-scenario-survival-handbook-middle-school-worst-case.pdf
    • http://www.gorillawalker.com/the-magnificent-mountain-women-adventures-in-the-colorado-rockies.pdf
    • http://www.gorillawalker.com/the-fairy-kingdom.pdf
    • http://www.gorillawalker.com/china-space-weapons-and-u-s-security-council-on-foreign.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/