Malicious PDF — malware analysis report

Static analysis result for SHA-256 a379fc44510b190d…

Verdict: MALICIOUS
File type: PDF
Size: 43.4 KB
Created: 2018-12-11 20:47:20 +03:00
Authoring application: pdftk 1.44 - www.pdftk.com (via itext-paulo-155 (itextpdf.sf.net-lowagie.com))
MD5: f8d4996cea0c54773c13cd35722af515
SHA-1: 146b59f634844dcfd2245fba8ddb06d6b10a25cc
SHA-256: a379fc44510b190d449611c864ec6466034988b448303edfbaceaeb5e1317cf1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of embedded external links (32 detected) to various PDF documents hosted on gorillawalker.com. This technique is often used for SEO manipulation or to serve as a link farm for distributing malicious payloads or phishing content. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.