Malicious PDF — malware analysis report

Static analysis result for SHA-256 e80dabc389e073a4…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2019-03-17 02:29:51 +03:00
Authoring application: PDFCreator Version 0.8.0 (via AFPL Ghostscript 8.14)
MD5: 21cce5c6cf62580f65bb026da5a1cbac
SHA-1: 22cd28be3ef65e4f6217f01c1fc047587de9211d
SHA-256: e80dabc389e073a475cd1fa273d4cf61304bc1ed36b415a041125253b88e55d7
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains a large number of embedded links to external PDF documents, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm or a phishing lure, aiming to direct users to potentially malicious content. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.