Malicious PDF — malware analysis report

Static analysis result for SHA-256 b2c689f2309a09aa…

MALICIOUS

PDF

Size: 45.0 KB
Created: 2019-02-13 19:54:08 +03:00
Authoring application: - (via pdfTeX-1.0b-pdfcrypt)
MD5: 6afa890c8a561298e071524c1cff03ad
SHA-1: 2eac5ce191b9227dca50b90a707bf4e6f4e6551a
SHA-256: b2c689f2309a09aab1b23bbdb5ead05fc7a6deb556d37cc7b044643db809f825
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, potentially used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8451

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.