Malicious PDF — malware analysis report

Static analysis result for SHA-256 95c56fbf5b1eefe7…

MALICIOUS

PDF

Size: 40.4 KB
Created: 2018-12-15 20:02:23 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 9.5.5 (Windows))
MD5: 9750eab7d2a6e97f16b5220157b049e2
SHA-1: baf861718f77ac2a778fc63e9dd8afdf803177a9
SHA-256: 95c56fbf5b1eefe71dca2ca81bfd97b172383b277fc43a9b8bf75a946db39925
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to various PDF documents on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a high volume of content, which can include malicious payloads. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.