Malicious PDF — malware analysis report

Static analysis result for SHA-256 84908328dc92f416…

MALICIOUS

PDF

  • Size: 44.8 KB
  • Created: 2018-11-15 18:32:50 +03:00
  • Authoring application: - (via Adobe Acrobat 10.0 Paper Capture Plug-in)
  • MD5: 9dcf25040ad93c9396d0194bd66fa6e1
  • SHA-1: 179876f3c11c0e43b0ef84f3ca72e5678c992fb5
  • SHA-256: 84908328dc92f4160477734c8de73597663d7295b2ffd0f8f11baba78b6f332c
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, primarily hosted on 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of potentially malicious documents. No scripts were extracted, and the document body was unreadable, so the primary evidence comes from the PDF structure and embedded URLs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.