Malicious PDF — malware analysis report

Static analysis result for SHA-256 daac6915f0849918…

MALICIOUS

PDF

Size: 45.5 KB
Created: 2019-03-17 11:02:47 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via iText 2.1.7 by 1T3XT)
MD5: cff398a52fc9a6dcea4843de2357c23a
SHA-1: 90086c1b791fc47528ce0c7169fd52c74c557d7b
SHA-256: daac6915f08499182c57fafd0b0679aaa0eee577dd378d2533e481b61bce8557
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to various PDF files on the domain 'www.gorillawalker.com'. This is indicative of a link farm or SEO manipulation tactic, which can be used to distribute malicious content or drive traffic to malicious sites. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.