Malicious PDF — malware analysis report

Static analysis result for SHA-256 88dd7d160c815cc7…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2018-12-08 04:09:36 +03:00
Authoring application: dvipsk 5.58f Copyright 1986, 1994 Radical Eye Software (via Acrobat Distiller 3.0 f r Macintosh)
MD5: 5c0b652100df27fddd51b5e3e5349c4d
SHA-1: 4f146a4853bda84f28fd15d8409ba5fb08f443a0
SHA-256: 88dd7d160c815cc71f469fb32c118e38847bfcbef4352d4e9f32b24837978486
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a link farm. The primary purpose appears to be SEO manipulation or redirecting users to a large collection of other documents hosted on the same domain. The embedded URLs are all structured as links to PDF files on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8822

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.