Malicious PDF — malware analysis report

Static analysis result for SHA-256 938cea91e3963170…

MALICIOUS

PDF

43.7 KB
Created: 2018-11-23 08:00:23 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 11.0)
MD5: 9a65583407f0819307df96a53bac450e
SHA-1: 34edbe6267be8158fd691c398878ade8e19962b3
SHA-256: 938cea91e3963170ac33e56c30bf89a331e911d05564433d279cba80d11addd9
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to PDF files on the domain 'www.gorillawalker.com'. This is indicative of a link farm, a common technique for SEO manipulation or for distributing a large volume of content, potentially malicious. The ML classifier also flagged this PDF as malicious with a high score. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (2)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.