Malicious PDF — malware analysis report

Static analysis result for SHA-256 d477f7109a19f612…

MALICIOUS

PDF

Size: 44.7 KB
Created: 2018-12-14 20:39:03 +03:00
Authoring application: - (via ProcessText Group)
MD5: 3aaf2e3e83d3f1640c9f22ad12219801
SHA-1: 987ff4d161a82dbd66c49de7ff19d217d1a22627
SHA-256: d477f7109a19f612edc4110041e5a873c03d24a803a41a685c8ded92764e984e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier as malicious and contains a large number of external links, indicating a link farm. The primary heuristic identified a "PDF_SEO_LINK_FARM" with 32 external PDF links, suggesting the document's purpose is to redirect users to a large collection of other PDFs hosted on www.gorillawalker.com. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9005

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.