Malicious PDF — malware analysis report

Static analysis result for SHA-256 9a2d54bf42cfe0a4…

MALICIOUS

PDF

Size: 47.3 KB
Created: 2019-04-10 12:10:09 +03:00
Authoring application: Acrobat PDFMaker 15 for Word (via Adobe PDF Library 15.0)
MD5: 318bf8fea6da74cc6903bc55ceb8a16b
SHA-1: e761adb01a77931df298fa715d75b8a1b5ac2dac
SHA-256: 9a2d54bf42cfe0a4a75b9eeb6b924ad6a2de995403645edd3edd91681e643cc4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded external links, indicating a link farm. The primary heuristic firing, PDF_SEO_LINK_FARM, confirms the presence of 32 external PDF links, with the first one being http://www.gorillawalker.com/the-eczema-itch-buster-most-skincare-companies-don-t-want.pdf. This suggests the document's purpose is to lure users into clicking these links, likely leading to phishing or malware download sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.