Malicious PDF — malware analysis report

Static analysis result for SHA-256 a9e9892551fb8b80…

MALICIOUS

PDF

Size: 47.4 KB
Created: 2018-12-15 20:11:17 +03:00
Authoring application: Adobe Acrobat 6.02 (via Adobe Acrobat 6.02 Paper Capture Plug-in)
MD5: c2c16501764e32ca3a01f9b97a80cd88
SHA-1: f7c6129e14cb0d1fd41994fe2067a5ffdd4b57bd
SHA-256: a9e9892551fb8b80720b1f592d82c68e943d17ed1b182c7e105e23e79983793e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a significant number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links all point to PDFs hosted on www.gorillawalker.com. While no scripts were extracted, the sheer volume of links suggests a malicious intent, possibly to manipulate search engine rankings or to serve as a distribution point for further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.