Malicious PDF — malware analysis report

Static analysis result for SHA-256 a9e9df9e89d0e804…

MALICIOUS

PDF

Size: 39.8 KB
Created: 2018-11-14 08:15:48 +03:00
Authoring application: - (via Python PDF Library - http://pybrary.net/pyPdf/)
MD5: 97e54e184f943ea0e8083e55c6a580fe
SHA-1: 3d588cf1f428b0596cb0ba694d4343b3b109a763
SHA-256: a9e9df9e89d0e8044f38b2f75ee60041d60a6981bf78ad8aa4ef75bb69503009
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links pointing to PDF files on the domain 'gorillawalker.com'. This suggests the document is designed to act as a link farm, potentially for SEO manipulation or to redirect users to malicious content hosted on those linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.