Malicious PDF — malware analysis report

Static analysis result for SHA-256 913af7da527e72c2…

MALICIOUS

PDF

Size: 44.5 KB
Created: 2018-11-30 20:37:13 +03:00
Authoring application: AutoCAD 2010 2010 (18.0s (LMS Tech)) (via pdfplot10.hdi 10.0.55.0)
MD5: ecb6ce759cefee909ab00b2be2e8fe88
SHA-1: f372cf1c838efa5bc211a326648c3cab5ed10cad
SHA-256: 913af7da527e72c27350685b7e14248f1b259882a7776a2eda6c0a66031c808e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, all hosted on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.