Malicious PDF — malware analysis report

Static analysis result for SHA-256 7dc615f3b1fa3905…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-11-30 20:24:50 +03:00
Authoring application: Adobe Acrobat Pro 11.0.0
MD5: 6b79e80550fdc2bbf03e8a997ddce139
SHA-1: 06cc7d06ae4c8727e54d75eca580237b16afcbb8
SHA-256: 7dc615f3b1fa3905523d540d05e6412292569ec52b15d1eec52094f695d076df
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on www.gorillawalker.com. The ML_NYX_PDF_MALICIOUS classifier also flagged this document as malicious. The embedded URLs suggest a link farm or redirection scheme, likely intended to manipulate search engine results or distribute further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.