Malicious PDF — malware analysis report

Static analysis result for SHA-256 aa4e30f508f1d552…

MALICIOUS

PDF

Size: 43.3 KB   Created: 2019-03-17 10:25:24 +03:00   Authoring application: - (produced via Acrobat Distiller 5.0.5 (Windows))
MD5: 428328606d441cb0ad7f60305afbcca4
SHA-1: 4e688cfd5ddf49f1cf5f8074f7a0799c7adee8fa
SHA-256: aa4e30f508f1d55288acf6a207dfdbdfae0487fee7b2b66f4e494c55629c49fc
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Link; T1204.002 User Execution: Malicious File

The PDF carries a large number of clickable link annotations pointing to other PDF files on the single domain 'gorillawalker.com'. This pattern is characteristic of a link farm, used for SEO manipulation or to route readers into malicious or unwanted-software delivery chains, and the ML classifier also scored the file as malicious with high probability. No scripts were extracted and the document body could not be read, so the verdict rests on the link-farm heuristic and the classifier rather than on an embedded payload: the risk lies in what the linked host serves at click time, which should be checked in a sandbox or against threat intelligence before the links are treated as benign.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9171

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/warships-inside-out-weapons-of-war.pdf
    • http://www.gorillawalker.com/1-1-3-changing-the-equation-with-the-booming-hispanic.pdf
    • http://www.gorillawalker.com/native-pragmatism-rethinking-the-roots-of-american-philosophy.pdf
    • http://www.gorillawalker.com/billy-budd-and-other-tales-signet-classics.pdf
    • http://www.gorillawalker.com/affect-imagery-consciousness-vol-ii-the-negative-affects.pdf
    • http://www.gorillawalker.com/1000-basic-phrases-japanese-khmer-chitchat-worldwide-japanese-edition-kindle.pdf
    • http://www.gorillawalker.com/mosby-s-radiography-online-radiologic-physics-2e-mosby-s-radiography.pdf
    • http://www.gorillawalker.com/how-to-solve-word-problems-grades-4-5.pdf
    • http://www.gorillawalker.com/winning-back-your-market-the-inside-stories-of-the-companies.pdf
    • http://www.gorillawalker.com/a-dictionary-of-english-and-romanian-equivalent-proverbs.pdf
    • http://www.gorillawalker.com/european-cinema-reader.pdf
    • http://www.gorillawalker.com/finding-my-feet-my-autobiography.pdf
    • http://www.gorillawalker.com/judge-john-breckenridge-waldo-diaries-and-letters-from-the-high.pdf
    • http://www.gorillawalker.com/male-and-female-circumcision-religious-medical-social-and-legal-debate.pdf
    • http://www.gorillawalker.com/proyect-for-improving-the-navigability-of-the-river-uruguay-between.pdf
    • http://www.gorillawalker.com/p-lerinage-sciences-et-soufisme-l-art-islamique-en-cisjordanie.pdf
    • http://www.gorillawalker.com/samurai-sudoku-leicht-band-2-159-r-tsel-volume-2.pdf
    • http://www.gorillawalker.com/building-surveys-sixth-edition.pdf
    • http://www.gorillawalker.com/urology-house-officer-series.pdf
    • http://www.gorillawalker.com/the-law-on-financial-derivatives.pdf
    • http://www.gorillawalker.com/mathematical-analysis-an-introduction-to-functions-of-several-variables.pdf
    • http://www.gorillawalker.com/alkaloids-chemical-and-biological-perspectives.pdf
    • http://www.gorillawalker.com/handbook-of-gendered-careers-in-management-getting-in-getting-on.pdf
    • http://www.gorillawalker.com/the-bottom-line-on-integrity.pdf
    • http://www.gorillawalker.com/choreography-super-master-dvd-greatest-hits-vol-3-kodansha-dvd.pdf
    • http://www.gorillawalker.com/short-selling-with-the-o-neil-disciples-turn-to-the.pdf
    • http://www.gorillawalker.com/listening-to-god-junior-high-group-study-help-young-teens.pdf
    • http://www.gorillawalker.com/de-nada-stas-a-hippies-los-j-venes-rebeldes-en.pdf
    • http://www.gorillawalker.com/hidden-dragons-hidden-series-book-4.pdf
    • http://www.gorillawalker.com/the-power-of-a-true-intercessor.pdf
    • http://www.gorillawalker.com/the-listener.pdf
    • http://www.gorillawalker.com/great-whiskies.pdf
    • http://www.gorillawalker.com/flexible-working-new-network-technologies.pdf
    • http://www.gorillawalker.com/the-sewing-machine-embroiderer-s-bible-get-the-most-from.pdf
    • http://www.gorillawalker.com/tarot-of-the-orishas-book.pdf
    • http://www.gorillawalker.com/cranio-fascial-dynamics.pdf
    • http://www.gorillawalker.com/nicolaus-copernicus-the-earth-is-a-planet.pdf
    • http://www.gorillawalker.com/textbook-of-diagnostic-sonography-pageburst-e-book-on-kno-retail.pdf
    • http://www.gorillawalker.com/clinical-and-inflammatory-evaluation-of-perioscopy-tm-on-patients-with.pdf
    • http://www.gorillawalker.com/pediatric-obesity-clinical-decision-support-chart-5210.pdf
    • http://www.gorillawalker.com/mosby-s-radiography-online-radiologic-physics-2e-mos
    The remaining URIs are XMP/RDF schema namespace identifiers from the document's metadata stream (including the PDF/A extension schema namespaces), not link annotations, and are benign on their own:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
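The following is an added worked example, not code from the analysis engine that produced this report, showing how the two heuristics above can be reconstructed: it pulls /URI targets out of /Link annotations (the "link annotation" channel of EMBEDDED_URL), separates them from the XMP namespace declarations that also look like URLs, and applies a PDF_SEO_LINK_FARM-style rule. The thresholds (20 links, 256 KiB, 80% on one host), the regex-over-raw-bytes extraction (it assumes uncompressed objects; a real engine inflates streams first) and the sample PDF it builds are this example's own assumptions; the sample is constructed and not the file analysed above.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Literal-string /URI entries of /Link annotation actions, e.g. /A << /S /URI /URI (http://...) >>.
# Hex-string URIs (/URI <...>) and objects inside compressed object streams are not covered:
# a real engine inflates streams first; this example assumes plain objects.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# xmlns declarations inside the XMP metadata stream (schema namespaces, not clickable links).
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_]+="([^"]+)"')


def pdf_unescape(raw: bytes) -> str:
    """Undo PDF literal-string escapes \\( \\) \\\\ (octal escapes are ignored for brevity)."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == 0x5C and i + 1 < len(raw):   # backslash: keep the escaped byte
            out.append(raw[i + 1]); i += 2
        else:
            out.append(raw[i]); i += 1
    return out.decode("latin-1")


def extract_link_uris(data: bytes) -> list:
    """Unique /URI targets in document order (the EMBEDDED_URL 'link annotation' channel)."""
    seen, uris = set(), []
    for m in URI_RE.finditer(data):
        u = pdf_unescape(m.group(1))
        if u not in seen:
            seen.add(u); uris.append(u)
    return uris


def extract_xmp_namespaces(data: bytes) -> set:
    """Namespace URIs declared in XMP metadata; reported separately so they are not mistaken for links."""
    return {m.group(1).decode("latin-1") for m in XMLNS_RE.finditer(data)}


def seo_link_farm(uris, size_bytes, min_links=20, max_size=256 * 1024, cluster_ratio=0.8):
    """PDF_SEO_LINK_FARM as reconstructed here (thresholds are this example's assumptions):
    a small file with many external links whose targets are themselves .pdf, mostly on one host."""
    pdf_link_hosts = []
    for u in uris:
        p = urlparse(u)
        if p.scheme in ("http", "https") and p.hostname and p.path.lower().endswith(".pdf"):
            pdf_link_hosts.append(p.hostname.lower())
    if size_bytes > max_size or len(pdf_link_hosts) < min_links:
        return None
    host, n = Counter(pdf_link_hosts).most_common(1)[0]
    ratio = n / len(pdf_link_hosts)
    if ratio < cluster_ratio:
        return None
    return {"rule": "PDF_SEO_LINK_FARM", "severity": "critical",
            "pdf_links": len(pdf_link_hosts), "top_host": host, "ratio": round(ratio, 3)}


def analyze(data: bytes) -> dict:
    uris = extract_link_uris(data)
    return {"size": len(data), "link_uris": uris,
            "xmp_namespaces": extract_xmp_namespaces(data),
            "heuristic": seo_link_farm(uris, len(data))}


def build_sample_pdf(n_links=25, hosts=("www.gorillawalker.com",)) -> bytes:
    """Constructed sample (not the analysed file): a one-page PDF whose /Annots are n_links
    /Link -> /URI annotations cycling through `hosts`, plus an XMP stream with namespace declarations."""
    objs = [b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
            None,   # page object, filled in below
            None]   # metadata object, filled in below
    for i in range(n_links):
        host = hosts[i % len(hosts)]
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                    b"/A << /S /URI /URI (http://%s/title-%d.pdf) >> >>" % (host.encode(), i))
    refs = b" ".join(b"%d 0 R" % (5 + i) for i in range(n_links))
    objs[2] = b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [" + refs + b"] >>"
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
           b'<rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/"/></rdf:RDF></x:xmpmeta>')
    objs[3] = (b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp)
               + xmp + b"\nendstream")
    body = b"".join(b"%d 0 obj\n%s\nendobj\n" % (i + 1, o) for i, o in enumerate(objs))
    return b"%PDF-1.4\n" + body + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    report = analyze(build_sample_pdf())
    print(len(report["link_uris"]), "link URIs,", report["heuristic"])
    print("XMP namespaces (not links):", sorted(report["xmp_namespaces"]))
```

Running it on the constructed 25-link sample fires the rule with the whole cluster on one host; the same sample with only five links, or with the links spread evenly over five hosts, does not fire, which is the distinction between a link farm and an ordinary document with a handful of external citations.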