Malicious PDF — malware analysis report

Static analysis result for SHA-256 9ccaade9e205c783…

MALICIOUS

PDF

File size: 43.1 KB
Created: 2018-11-23 08:00:33 +03:00
Authoring application: Adobe Acrobat Pro 11.0.18 (via Adobe PDF Library 11.0)
MD5: b5e41a85b2df9a550f797eec80e00d19
SHA-1: 511bc1226e0cbbf21976d4da4e89aef85affc94b
SHA-256: 9ccaade9e205c783a625508f6619286509c2e001a397773e8b7f122994098603
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. The primary purpose appears to be directing users to a link farm hosted on www.gorillawalker.com, likely for SEO manipulation or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.