Malicious PDF — malware analysis report

Static analysis result for SHA-256 e136c9c000415d80…

MALICIOUS

PDF

Size: 31.8 KB
Created: 2020-01-17 19:19:10 +03:00
Authoring application: FrameMaker 7.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 05cd3e345f71a451c5cd0e3361c9b716
SHA-1: 50fed99c9d1bd26b22d83556addb7f6104adc695
SHA-256: e136c9c000415d80fefbaf4a2d633eb869df427763131fcaedbb237e6cdfa643
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of external links pointing to PDF files on the domain www.gorillawalker.com. This suggests a link farm or SEO manipulation tactic, potentially used to distribute further malicious content or to hide malicious activity within a large number of seemingly benign links. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.