Malicious PDF — malware analysis report

Static analysis result for SHA-256 c8e0d53389893955…

MALICIOUS

PDF

Size: 39.8 KB
Created: 2018-11-23 08:00:51 +03:00
Authoring application: Adobe Acrobat 8.13 (via Adobe Acrobat 8.13 Image Conversion Plug-in)
MD5: 45033987c19616f3923b2949411318e1
SHA-1: c24000207ae00144b0067b00ca3c975c93297458
SHA-256: c8e0d533898939559628295de0d8d9439e93f29dd486278b48062993472e4fe6
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.