Malicious PDF — malware analysis report

Static analysis result for SHA-256 c0b6ec3a91880196…

MALICIOUS

PDF

41.2 KB
Created: 2019-03-17 10:39:14 +03:00
Authoring application: Arbortext Publishing Engine (via PDFlib+PDI 8.0.2p1 (Win32))
MD5: d4530d665647035b348ff86f43559a9e
SHA-1: ecfb07bee53fc53d28f147350301b1eb23000b63
SHA-256: c0b6ec3a918801969918ad97e7c727753e305fa789c8287ef3418f3c52ac2a07
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs are all hosted on the domain 'gorillawalker.com' and appear to be SEO-optimized titles, suggesting a link farm or content distribution tactic. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.