Malicious PDF — malware analysis report

Static analysis result for SHA-256 c98415eb126891dc…

MALICIOUS

PDF

Size: 34.0 KB
Created: 2019-08-10 08:01:51 +03:00
Authoring application: - (via Acrobat Distiller 15.0 (Windows))
MD5: 5d55241db7c2389a51f52708e7ef56b1
SHA-1: 0dfc63ba265965f9fdb78470e7fc9fb10eb8cdde
SHA-256: c98415eb126891dcd68534736d1d0be388920012b71a6035cd2280dd74de2fd2
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a vast collection of external resources hosted on the 'gorillawalker.com' domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8261

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.