Malicious PDF — malware analysis report

Static analysis result for SHA-256 af0c269a5787847a…

MALICIOUS

PDF

File size: 41.7 KB
Created: 2018-11-15 18:32:34 +03:00
Authoring application: PrimoPDF http://www.primopdf.com/ (via PrimoPDF)
MD5: 3088fba5784eae9de5b02b844080f3b6
SHA-1: cb01b5d7514af1f41d1da1e2f078915e002aff30
SHA-256: af0c269a5787847a9c39a8ed9d0b0a54ff108e786d55217f988ec23a58584616
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified as a link farm. This suggests a social engineering tactic to direct users to potentially malicious or unwanted content hosted on the 'gorillawalker.com' domain. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.