Malicious PDF — malware analysis report

Static analysis result for SHA-256 ba1fbb10c808b019…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-11-30 20:23:47 +03:00
Authoring application: Adobe Acrobat Pro 11.0.0
MD5: 32a506116a1c5f9c37ddcd6f1a24b0bc
SHA-1: 975071c81e1decd8a7de1c5d040049e346aca81e
SHA-256: ba1fbb10c808b019aadaa44fce61bf3d97e1152e9261c702219bd44d908e044e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by an ML classifier and contains a large number of embedded links to external PDF files hosted on gorillawalker.com. This heuristic, PDF_SEO_LINK_FARM, indicates a likely attempt to manipulate search engine rankings or distribute content through a link farm. No scripts were extracted, and the document body was not parsable. The primary attack pattern appears to be SEO manipulation or content distribution via a link farm.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8698

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.