Malicious PDF — malware analysis report

Static analysis result for SHA-256 c6800f1b6e44fb68…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2019-02-15 20:46:23 +03:00
Authoring application: doPDF Ver 7.1 Build 349 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: ca4311fba8f5708f49503307ac74721f
SHA-1: d03dd619c7750aa8444bf069d18079df3ae7bebf
SHA-256: c6800f1b6e44fb688b96c2d7c599972eae78dfe16eb890a2cb60f26a29c4c1a1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents hosted on www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific attack pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.