Malicious PDF — malware analysis report

Static analysis result for SHA-256 8215bcb3b995fda2…

MALICIOUS

PDF

Size: 39.8 KB
Created: 2019-01-06 08:09:10 +03:00
Authoring application: Acrobat PDFMaker 7.0 for Publisher (via Acrobat Distiller 7.0 (Windows))
MD5: 70b2c12ac4c5b1429cd0cc7080b78809
SHA-1: 2ce090b60ec22a082d5932c90c9c31e89a38fac6
SHA-256: 8215bcb3b995fda29492f213710196c0dbf7438ae3053996d06648f0682bb931
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8869

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.