Malicious PDF — malware analysis report

Static analysis result for SHA-256 d5da79da8af35e45…

MALICIOUS

PDF

Size: 37.9 KB
Created: 2019-04-08 18:39:18 +03:00
Authoring application: Acrobat PDFMaker 15 for Word (via Adobe PDF Library 15.0)
MD5: b542ffe62dcfb9ab3abebda182cd0b27
SHA-1: 97e74a738ad90dc3eb52b50020e089bb1aed690f
SHA-256: d5da79da8af35e4539ef7f5f28bbe30806745167fc712c692251a6deb6fbca46
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to drive traffic to the gorillawalker.com domain, potentially for distributing malware or phishing content.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8979

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/forced-femme-bisexual-cuckold-stories.pdf
    • http://www.gorillawalker.com/williams-sonoma-new-flavors-for-vegetables-classic-recipes-redefined-new.pdf
    • http://www.gorillawalker.com/tivo-for-dummies.pdf
    • http://www.gorillawalker.com/genetics-a-conceptual-approach-5th-edition.pdf
    • http://www.gorillawalker.com/born-to-use-mics-reading-nas-s-illmatic.pdf
    • http://www.gorillawalker.com/coconut-s-puzzle-book.pdf
    • http://www.gorillawalker.com/invitation-to-fly-basics-for-the-private-pilot.pdf
    • http://www.gorillawalker.com/be-a-zoologist-be-a-scientist.pdf
    • http://www.gorillawalker.com/voices-of-many-waters-or-travels-in-the-lands-of.pdf
    • http://www.gorillawalker.com/enlightening-adjusting-and-saving-lives-3rd-edition-20-years-of.pdf
    • http://www.gorillawalker.com/a-dictionary-of-construction-surveying-and-civil-engineering-oxford-paperback.pdf
    • http://www.gorillawalker.com/how-to-play-running.pdf
    • http://www.gorillawalker.com/jump-starting-boys-help-your-reluctant-learner-find-success-in.pdf
    • http://www.gorillawalker.com/keres-best-games-of-chess-1931-1948.pdf
    • http://www.gorillawalker.com/view-from-another-shore-european-science-fiction-liverpool-university-press.pdf
    • http://www.gorillawalker.com/uncle-tom-s-cabin-large-print.pdf
    • http://www.gorillawalker.com/microscopy-as-a-hobby-a-21st-century-quick-start-guide.pdf
    • http://www.gorillawalker.com/l-assurance-des-risques-sp.pdf
    • http://www.gorillawalker.com/the-jewish-home-advisor.pdf
    • http://www.gorillawalker.com/victimized-daughters-incest-and-the-development-of-the-female-self.pdf
    • http://www.gorillawalker.com/electronics-optoelectronics-nanodots-in-superconductor-wire-reduce-manufacturing-costs-an.pdf
    • http://www.gorillawalker.com/trading-from-your-gut-how-to-use-right-brain-instinct.pdf
    • http://www.gorillawalker.com/nevada-impressions.pdf
    • http://www.gorillawalker.com/practical-aspects-of-rape-investigation-a-multidisciplinary-approach-practical-aspects.pdf
    • http://www.gorillawalker.com/lectures-of-the-arya.pdf
    • http://www.gorillawalker.com/dc-dc-converter-integrated-circuit-and-application-hybrid-dc-dc.pdf
    • http://www.gorillawalker.com/little-bunnys-easter-surprise.pdf
    • http://www.gorillawalker.com/data-structures-using-c-programming.pdf
    • http://www.gorillawalker.com/world-futsal-magazine-plus-vol141-practice-to-be-habit-entre.pdf
    • http://www.gorillawalker.com/classical-artinian-rings-and-related-topics.pdf
    • http://www.gorillawalker.com/pizzas-rellenas-y-calzones-spanish-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/tannh-user-wwv-70-dresden-version-complete-opera-full-score.pdf
    • http://www.gorillawalker.com/wind-of-promise-wind-series-book-3.pdf
    • http://www.gorillawalker.com/knocking-down-barriers-my-fight-for-black-america-chicago-lives.pdf
    • http://www.gorillawalker.com/snapwords-spelling-dictionary.pdf
    • http://www.gorillawalker.com/solar-energy-research-and-advancement-act-of-2007-paperback-common.pdf
    • http://www.gorillawalker.com/the-wake.pdf
    • http://www.gorillawalker.com/get-the-edge-at-low-limit-texas-hold-em-from.pdf
    • http://www.gorillawalker.com/the-scream-factory-halloween-book-1.pdf
    • http://www.gorillawalker.com/schools-and-politics-the-kaum-muda-movement-in-west-sumatra.pdf
    • http://www.gorillawalker.com/voices-of-many-waters-or-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/