Malicious PDF — malware analysis report

Static analysis result for SHA-256 e542cb7899ef721b…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2018-11-26 08:23:18 +03:00
Authoring application: Acrobat PDFMaker 5.0 for Word (via Acrobat Distiller 5.0.5 (Windows))
MD5: c62a6bdc6e6a72ec4e33a1ee440c6f24
SHA-1: c0772c26da399204597ddee34127c843a6791abf
SHA-256: e542cb7899ef721b073e25cabc71668924d637b416898b78d9ec2472096d6807
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or as a distribution mechanism for malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.