Malicious PDF — malware analysis report

Static analysis result for SHA-256 dd1f32c99ffea3f6…

MALICIOUS

PDF

Size: 44.7 KB
Created: 2018-12-15 08:10:50 +03:00
Authoring application: AH XSL Formatter V6.1 MR1 for Linux64 : 6.1.6.12100 (via Antenna House PDF Output Library 6.1.420 (Linux64); modified using iText 2.1.7 by 1T3XT)
MD5: ea8a7a1efc77f598d00bf9a8b85ee2a0
SHA-1: 47a1f28fede69128bb2963d4aa12287788c64d6a
SHA-256: dd1f32c99ffea3f6e763203e2dad288b1e85f081d2e811c6a58c29e4ef526d53
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain gorillawalker.com. This is indicative of a link farm, likely used for SEO manipulation or to distribute malicious content disguised as legitimate documents. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.