Malicious PDF — malware analysis report

Static analysis result for SHA-256 81cb19afb7edf4c4…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2018-12-14 20:23:12 +03:00
Authoring application: Adobe Acrobat Pro 11.0.0
MD5: c98aaa45e8ef12bfc550ea570fdda489
SHA-1: e81710add43c14a96ce8ff232e854672f329632d
SHA-256: 81cb19afb7edf4c46583821b0cc71ab7769b36d37795d46c63dcdfebdf26409a
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to various PDF documents on the domain 'gorillawalker.com'. This behavior is indicative of a link farm or SEO spam technique, likely intended to drive traffic or distribute further malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.