Malicious PDF — malware analysis report

Static analysis result for SHA-256 c2137fae5762d790…

MALICIOUS

PDF

45.2 KB
Created: 2018-12-14 10:23:55 +03:00
Authoring application: Adobe Photoshop 5.0 (via Adobe Photoshop for Windows)
MD5: 2a4369305af293abba72b7fceb3f9962
SHA-1: 77e36dae8f179e80572f3fd264b3400484b95fe2
SHA-256: c2137fae5762d790d2b480d3ec665aa33daacdf80cf33829559557f6880a91cd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.