Malicious PDF — malware analysis report

Static analysis result for SHA-256 c45cc1456d2a0d72…

MALICIOUS

PDF

Size: 45.8 KB
Created: 2018-11-15 18:31:42 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.4 (Windows))
MD5: d14a320bdc2078139bf659e00d098f8a
SHA-1: a135ffe08f0d8760f0860796a96d0a7a2cc19cf4
SHA-256: c45cc1456d2a0d72712c07d360070a6de4ef3df10808c3420a3665318ceb0af4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file contains a large number of embedded links pointing to external PDF documents on the domain www.gorillawalker.com. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.