Malicious PDF — malware analysis report

Static analysis result for SHA-256 e6201ac7caadb286…

MALICIOUS

PDF

Size: 41.6 KB
Created: 2018-12-14 20:07:11 +03:00
Authoring application: - (via Acrobat Distiller 15.0 (Windows))
MD5: 9e05d54ec385cdf38b409d5d5945bba3
SHA-1: 54fb52c8d2acfad1e16f3a09a48dd20c1afe718c
SHA-256: e6201ac7caadb28663cd82a88c2a11db1ff05a4755ba30faa3d492e58f977d67
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a large number of external links, specifically to PDF files on the domain 'gorillawalker.com'. The ML classifier also indicated a high probability of maliciousness. The document body contained obfuscated text and embedded URLs, reinforcing the finding of a link farm. This pattern suggests an attempt to manipulate search engine results or to distribute additional malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.