Malicious PDF — malware analysis report

Static analysis result for SHA-256 9e0a0d71f9fe1fcc…

MALICIOUS

PDF

Size: 45.8 KB
Created: 2019-04-10 12:10:10 +03:00
Authoring application: tFPDF 1.03
MD5: 180bbcb3c948702f2da261339b43462e
SHA-1: 4709c4a23ca03a71187420853de70ea68ac95275
SHA-256: 9e0a0d71f9fe1fcc18e2a8bb092168d711dc56cb63027422f246d601f89563b6
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF was flagged by a critical heuristic for containing a mass external link farm, pointing to 32 different PDF files on the domain 'gorillawalker.com'. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links suggests an attempt to manipulate search engine results or distribute potentially malicious documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8396

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.