Malicious PDF — malware analysis report

Static analysis result for SHA-256 775927139c25cf18…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2018-12-02 10:55:00 +03:00
Authoring application: Adobe Acrobat 10.1 (via Adobe Acrobat 10.1 Paper Capture Plug-in)
MD5: 36b6bb711878389140eeed1aa758d591
SHA-1: 45e0bb855e2adb5450c29dcf19beb55564500a3a
SHA-256: 775927139c25cf184c3eff149be916fe2f0fb3d3ca4b0f1e1854c34aff2093ef
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.