Malicious PDF — malware analysis report

Static analysis result for SHA-256 88abd124c07aea3c…

MALICIOUS

PDF

42.3 KB
Created: 2018-12-15 08:31:38 +03:00
Authoring application: - (via Acrobat Distiller 15.0 (Windows))
MD5: 7593c837cd7f8ff56a03169a47c9fc23
SHA-1: 53003325dd655e22945e7e352fdd94dfddddd600
SHA-256: 88abd124c07aea3c43a3a19adb0d75764632f0680421b05ff1209db393467545
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged the document as malicious, supporting this assessment. No scripts were extracted, but the sheer volume of links suggests a coordinated effort to drive traffic or distribute content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.