Malicious PDF — malware analysis report

Static analysis result for SHA-256 c712b4c2770c874e…

Verdict: MALICIOUS
File type: PDF
Size: 41.8 KB
Created: 2018-11-15 18:33:58 +03:00
Authoring application: Acrobat PDFMaker 9.0 for Word (via Acrobat Distiller 9.0.0 (Windows))
MD5: 13be32d4c4bb0eae17426378a1e8164b
SHA-1: 59810be02af99f69f24d528d232a8de855316076
SHA-256: c712b4c2770c874efb1bf951500714db979230d0d624fc282bed9ca6039c6d85
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF was flagged by a critical heuristic for containing a mass external PDF link farm, with 32 links pointing to PDFs on the 'gorillawalker.com' domain. The ML classifier also indicated a high probability of maliciousness. The document body contains numerous URLs, all of which appear to be part of this link farm, suggesting an SEO-based spam or phishing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/we-only-come-here-to-struggle-stories-from-berida-s.pdf
    • http://www.gorillawalker.com/john-tyler-the-accidental-president.pdf
    • http://www.gorillawalker.com/the-education-of-a-mathematician.pdf
    • http://www.gorillawalker.com/el-puente-de-los-asesinos-las-aventuras-del-capitan-alatriste.pdf
    • http://www.gorillawalker.com/the-forgotten-place-kindle-edition.pdf
    • http://www.gorillawalker.com/understanding-user-web-interactions-via-web-analytics-synthesis-lectures-on.pdf
    • http://www.gorillawalker.com/food-and-culture.pdf
    • http://www.gorillawalker.com/diet-and-exercise-journal-black-cover-i-ve-got-this.pdf
    • http://www.gorillawalker.com/adventures-of-ulysses.pdf
    • http://www.gorillawalker.com/optical-fibres-and-their-applications-v-proceedings-of-spie.pdf
    • http://www.gorillawalker.com/how-to-start-a-hobby-in-juggling-kindle-edition.pdf
    • http://www.gorillawalker.com/southeast-treasure-hunter-s-gem-mineral-guide-where-how-to.pdf
    • http://www.gorillawalker.com/robes-of-honour-khilat-in-pre-colonial-and-colonial-india.pdf
    • http://www.gorillawalker.com/the-other-ones.pdf
    • http://www.gorillawalker.com/compendium-of-tourism-statistics.pdf
    • http://www.gorillawalker.com/precedent-memoirs-of-precedence-mountaintop-realness-go-ahead-and-jump.pdf
    • http://www.gorillawalker.com/how-to-create-a-website-in-under-30-minutes-make.pdf
    • http://www.gorillawalker.com/bill-of-fare-a-guide-to-hawaii-s-finest-restaurants.pdf
    • http://www.gorillawalker.com/the-best-167-medical-schools-2014-edition-graduate-school-admissions.pdf
    • http://www.gorillawalker.com/cross-border-insolvency-issues-of-conflict-of-laws-in-the.pdf
    • http://www.gorillawalker.com/how-to-beat-the-employment-game.pdf
    • http://www.gorillawalker.com/chroniques-de-la-plantation-m.pdf
    • http://www.gorillawalker.com/architecture-liturgy-and-identity-liber-amicorum-paul-crossley-studies-in.pdf
    • http://www.gorillawalker.com/king-of-storms-five-kingdoms-book-2.pdf
    • http://www.gorillawalker.com/power-transmission-and-motion-control-ptmc-2000.pdf
    • http://www.gorillawalker.com/jewish-humor-classics-in-communication-and-mass-culture-series.pdf
    • http://www.gorillawalker.com/living-in-denver.pdf
    • http://www.gorillawalker.com/thermodynamics-made-simple-for-energy-engineers.pdf
    • http://www.gorillawalker.com/resume-forensics-how-to-find-free-resumes-and-passive-candidates.pdf
    • http://www.gorillawalker.com/the-fly-swatter-how-my-grandfather-made-his-way-in.pdf
    • http://www.gorillawalker.com/aquatic-responses-to-watershed-clearcutting-implications-for-forestry-and-fisheries.pdf
    • http://www.gorillawalker.com/cuckolded-by-the-russian-billionaire.pdf
    • http://www.gorillawalker.com/education-and-the-kyoto-school-of-philosophy-pedagogy-for-human.pdf
    • http://www.gorillawalker.com/journal-of-the-world-universities-forum-volume-3-number-1.pdf
    • http://www.gorillawalker.com/ghost-in-the-shell-volume-2-man-machine-interface-v.pdf
    • http://www.gorillawalker.com/evaluacion-psicologica-modelos-y-tecnicas-psychological-assessment-models-and-techniques.pdf
    • http://www.gorillawalker.com/how-to-make-professional-animations-kindle-edition.pdf
    • http://www.gorillawalker.com/after-the-fall-the-districts-volume-2-paperback.pdf
    • http://www.gorillawalker.com/blood-orchids-lei-crime-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/aviones-supersonicos-supersonic-jets-vehiculos-de-alta-tecnologia-spanish-edition.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/