Malicious PDF — malware analysis report

Static analysis result for SHA-256 8009ec83562d8863…

Verdict: MALICIOUS

File type: PDF

  • Size: 42.0 KB
  • Created: 2018-11-14 10:06:56 +03:00
  • Authoring application: Acrobat PDFMaker 8.1 for Word (via Acrobat Distiller 8.1.0 (Windows))
  • MD5: 92d4ccc6b5304ebaea66350c27c8a881
  • SHA-1: 6317ce3c6df6503cf2466d71f1aa2c9fbd3cee6d
  • SHA-256: 8009ec83562d88639e8f24484bffd3f052c12bfd8505b55f6e70d8729c1944aa
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.