Malicious PDF — malware analysis report

Static analysis result for SHA-256 8d4dc9fa365d1698…

MALICIOUS

PDF

Size: 40.3 KB
Created: 2019-03-17 08:16:37 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.3.2 (Windows))
MD5: 926197bfea1dd29d6b9591f8e40e06a5
SHA-1: ad69f615a4b8b7471a1dba62a5a5527abdf20a93
SHA-256: 8d4dc9fa365d1698dce6bee81edff2712d6f77346f67382f40e77fd1a71bf98a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8872)

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.