Malicious PDF — malware analysis report

Static analysis result for SHA-256 9092a7201042a54d…

MALICIOUS

PDF

  • Size: 44.4 KB
  • Created: 2018-12-03 17:09:00 +03:00
  • Authoring application: Adobe Acrobat 10.1 (via Adobe Acrobat 10.1 Paper Capture Plug-in)
  • MD5: cb757045544b5843612e75e04c789b91
  • SHA-1: 35c01dfe4d9ddbda3fd52386f6c64937104062a2
  • SHA-256: 9092a7201042a54de1c0b2caccaa3347a0baed0c6203d8f70feea23a2f027db8
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.