Malicious PDF — malware analysis report

Static analysis result for SHA-256 8fa274b6ad55c61e…

MALICIOUS

PDF

Size: 41.7 KB
Created: 2019-02-12 19:46:39 +03:00
Authoring application: Microsoft® Word 2010 (via Acrobat Distiller 11.0 (Windows))
MD5: d0543acd1f977aae6f86c14d9d51bed2
SHA-1: d9265a55b506beb94dfe7d1df4daff2f729a6d45
SHA-256: 8fa274b6ad55c61ed6b6340789dca990d164b7b60af38087e71a4a888c5c6baf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded URLs pointing to external PDF documents. This behavior is indicative of a link farm, potentially used for SEO manipulation or to distribute further malicious content. The primary domain hosting these links is www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.