Malicious PDF — malware analysis report

Static analysis result for SHA-256 8eb2914fcba021fc…

MALICIOUS

PDF

Size: 41.6 KB
Created: 2018-12-14 20:01:00 +03:00
Authoring application: - (via Acrobat Distiller 7.0 (Windows))
MD5: bc8415ba749979e05a6a145753aafc56
SHA-1: 7ce08eb967ec389c910eae5c40b78d295a9e938a
SHA-256: 8eb2914fcba021fc934c76ed98b21950fe895d5205ae07e0c8c981850a9a4b5e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of potentially malicious documents. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.