Malicious PDF — malware analysis report

Static analysis result for SHA-256 a01aefba6c934502…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-11-23 08:05:46 +03:00
Authoring application: Acrobat PDFMaker 7.0 для Word (via Acrobat Distiller 7.0.5 (Windows))
MD5: 491bef06574c85c8a10788ba511cbfd5
SHA-1: c8f6f80a1cc45d007de1ecb9029434f05671e779
SHA-256: a01aefba6c9345026ba506b4cfc1c2e7e3a3db67d05044cf3d3bca6e41770793
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain 'gorillawalker.com'. This pattern triggered the PDF_SEO_LINK_FARM heuristic, suggesting the document is designed to manipulate search engine rankings or distribute content through a link farm. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted, and the document body was not parsable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.