Malicious PDF — malware analysis report

Static analysis result for SHA-256 8ad667c79cd0c6e6…

MALICIOUS

PDF

Size: 42.2 KB
Created: 2018-12-15 20:04:56 +03:00
Authoring application: QuarkXPress(R) 9.0
MD5: dc03183d8beec789739b2716c8602b9c
SHA-1: 604f2e766257e262401cd70c8e107be31e441446
SHA-256: 8ad667c79cd0c6e6a743146bd9296209f5b7e0497f6a7f6cd3be7d6920b52e5b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of malicious content. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.