Malicious PDF — malware analysis report

Static analysis result for SHA-256 d7c257f4f895673c…

MALICIOUS

PDF

File size: 42.9 KB
Created: 2018-11-15 18:31:48 +03:00
Authoring application: FrameMaker 8.0 (via Acrobat Distiller 10.0.1 (Windows))
MD5: f68061b7b025412df3f53eb03c115374
SHA-1: 358eb7cb61d2fff4702b7eef71320d50cfe7241a
SHA-256: d7c257f4f895673ce71b26cddce021b278bf2f7c9d6e5ee2938e1dbe5ea124d1
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links pointing to external PDF documents, primarily hosted on 'www.gorillawalker.com'. This technique is often used to create a link farm for SEO manipulation or to distribute a large volume of potentially malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.