Malicious PDF — malware analysis report

Static analysis result for SHA-256 9ae1c860c21c9d15…

MALICIOUS

PDF

42.6 KB
Created: 2019-03-17 07:03:50 +03:00
Authoring application: Acrobat PDFMaker 6.0 for Word (via Acrobat Distiller 6.0 (Windows))
MD5: e4e662974c6d1c5c82c822c772b3b37a
SHA-1: 2c582666c383de1569fdb6cf0307b139e332d929
SHA-256: 9ae1c860c21c9d154ca69b1fcfe4c9ac578cd8d0f0ffa1945e42a2aa4a7817ef
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links pointing to external PDF files, primarily hosted on 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content disguised as legitimate documents. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was unreadable, limiting further analysis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.