Malicious PDF — malware analysis report

Static analysis result for SHA-256 ebd37848db72c980…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-12-03 17:05:06 +03:00
Authoring application: Adobe Acrobat 6.0 (via Adobe Acrobat 6.0 Paper Capture Plug-in)
MD5: a9cfb26833e2254f1b8fcced6c2ee110
SHA-1: b2efc2f3bc82a614617793129c7f3195d6fb5ce2
SHA-256: ebd37848db72c980bd8cdaf4fab56c20886fa7f6936ca11601741b72a6e7dcce
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the creation of a link farm, directing users to a large collection of PDFs hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.