Malicious PDF — malware analysis report

Static analysis result for SHA-256 a96c826ce29d331a…

MALICIOUS

PDF

43.1 KB
Created: 2018-11-26 08:22:55 +03:00
Authoring application: AH XSL Formatter V6.1 MR5a for Windows (x64) : 6.1.10.15867 (via Antenna House PDF Output Library 6.1.472 (Windows (x64)))
MD5: c816e4dc0e7696a81adafa9030880cae
SHA-1: ecb36b0df28445ebadd6a21dbe09b25843a0b86c
SHA-256: a96c826ce29d331a5a8132508b1fa7ff54b85a54725e8776d40de40b37d5ca47
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files hosted on gorillawalker.com. This suggests a link farm or SEO poisoning attack designed to lure users into downloading potentially malicious content. The ML classifier also flagged the document as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.