Malicious PDF — malware analysis report

Static analysis result for SHA-256 9c1524f2eb6628a5…

MALICIOUS

PDF

Size: 43.3 KB
Created: 2019-03-17 13:09:51 +03:00
Authoring application: Acrobat PDFMaker 8.1 for Word (via Acrobat Distiller 8.1.0 (Windows))
MD5: ceb60169b4f36d4c366077607d9e83db
SHA-1: 01b2643c975f7a09edaf5ce25a8b299a37747b31
SHA-256: 9c1524f2eb6628a5f3e5504186e63ae8d1bd33454cfca4e8929127c457751b91
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded URLs pointing to various PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or as a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.