Malicious PDF — malware analysis report

Static analysis result for SHA-256 ddc99e2dc5fd5fe7…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2018-11-23 08:05:46 +03:00
Authoring application: Acrobat Elements 10.0.0 (Windows)
MD5: a84d12cbcfae27a14244c3d2ed93ddd0
SHA-1: 8d8a6d70f2bd46a80b0e1ca611250ebcbaa1792b
SHA-256: ddc99e2dc5fd5fe7e822c8f50902fb9fac0a66009a525e3e5bdad8ce5402fac2
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links pointing to external PDF files, primarily hosted on 'gorillawalker.com'. This behavior is indicative of a link farm, likely intended for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9005

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.