Malicious PDF — malware analysis report

Static analysis result for SHA-256 c79b22f534939308…

Verdict: MALICIOUS
File type: PDF
Size: 42.2 KB
Created: 2018-12-15 08:09:45 +03:00
Authoring application: PDFCreator Version 0.8.0 (via AFPL Ghostscript 8.14)
MD5: 1112c0239f79428bd84e67c64f8bbd5c
SHA-1: a25568d3e81b6cd24feb95e75f45a31e28b64d69
SHA-256: c79b22f534939308cbe0e0d9538485ba499e6c0dcff9835d4ee7f61d75e30f3e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier as malicious and contains a large number of embedded URLs pointing to external PDF files. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external PDF link farm, with 32 links predominantly hosted on www.gorillawalker.com. This suggests the document's primary purpose is to redirect users to a large collection of other documents, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.