Malicious PDF — malware analysis report

Static analysis result for SHA-256 ad674709527ed546…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-12-14 20:00:45 +03:00
Authoring application: dvips 5.83 (MiKTeX 1.20b) Copyright 1998 Radical Eye Software (via Acrobat Distiller 4.0 for Windows)
MD5: dc3cabd993bd4605888da853d04d47aa
SHA-1: 2f124c0ff9c78f86fda46b114ab6bd2529432d2c
SHA-256: ad674709527ed54672436fd2c178e40f8247be50314ba3184dca27e23f3561b8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files hosted on www.gorillawalker.com. The ML classifier also flagged this PDF as malicious with high confidence. The embedded URLs suggest a link farm or SEO spamming tactic, likely intended to drive traffic to potentially malicious content or to obscure the true malicious destination.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.