Malicious PDF — malware analysis report

Static analysis result for SHA-256 7f9eedfefa064489…

MALICIOUS

PDF

File size: 40.2 KB
Created: 2018-12-15 20:01:21 +03:00
Authoring application: - (via htmldoc 1.8.23 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)
MD5: c271e4135549718dc9cdb23f6557e276
SHA-1: 1c8c36c0488f9fa885398b42cda998e7fad1f426
SHA-256: 7f9eedfefa0644892698339a487d880027cefb2bd2512e94a530487d82c1c61e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.