Malicious PDF — malware analysis report

Static analysis result for SHA-256 d2156a0b90f7fc04…

MALICIOUS

PDF

Size: 34.6 KB
Created: 2020-03-13 01:12:46 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows); modified using iText® 5.5.4 ©2000-2014 iText Group NV (AGPL-version))
MD5: d755e48d21c0bc9fece87d0ca15fa83b
SHA-1: 1cb79c81e2ecc89c85951eb18a9b2cf72382435d
SHA-256: d2156a0b90f7fc049f31fd227d9053f330ce3e0f6f6915cc149e108a19d4343e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of potentially malicious documents. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8315

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.