Malicious PDF — malware analysis report

Static analysis result for SHA-256 775429c1649c98c4…

MALICIOUS

PDF

Size: 45.9 KB
Created: 2018-11-15 18:32:23 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 10.0.1)
MD5: 904c17b411a4e31d0314172b5106ccfc
SHA-1: 1492cd82e47407209643393f0b815bd7c1c98ef6
SHA-256: 775429c1649c98c4570146748eb0bc453fbe857f8c342d8a8626317658a1b55f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8974

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.