Malicious PDF — malware analysis report

Static analysis result for SHA-256 afd820fedcd7c11a…

MALICIOUS

PDF

File size: 43.0 KB
Created: 2019-04-11 16:13:40 +03:00
Authoring application: Microsoft Word (via Acrobat PDFWriter 4.05 for Windows NT)
MD5: 8be49d460bc3d17f2bf8ff4e2d79396d
SHA-1: 6f717378955dbf30c8f1e80717d3fbf201a92f75
SHA-256: afd820fedcd7c11a14e91952fa5d2cc0827d353c67dff130f63f69aad765ec1f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.