Malicious PDF — malware analysis report

Static analysis result for SHA-256 ec8220bf06dc36c3…

MALICIOUS

PDF

43.9 KB
Created: 2019-04-11 11:51:35 +03:00
Authoring application: QuarkXPress™: LaserWriter 8 KH-8.7.1 (via Acrobat Distiller 4.05 for Macintosh)
MD5: 0ea2a8893f6ea529847b538f125ed9d5
SHA-1: c07a3302714d924f4938ec0c1e87ac79b65df92e
SHA-256: ec8220bf06dc36c3b8b14bba92f5590273eb6fa0f794f939e08db635af0c682d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.