Malicious PDF — malware analysis report

Static analysis result for SHA-256 f234d9f1d7618ec2…

MALICIOUS

PDF

  • Size: 48.1 KB
  • Created: 2018-12-14 20:31:01 +03:00
  • Authoring application: FrameMaker 12.0.4 (via Acrobat Distiller 11.0 (Windows))
  • MD5: b78ec34b48ae7210d4faf24d0520801a
  • SHA-1: 66d26b396b35d649b1c70050668254abc2a58d8a
  • SHA-256: f234d9f1d7618ec25fa9660c0dfb24025f9751c79d0d33391d90caca27fdb4f0
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a significant number of embedded external links, indicating a potential SEO poisoning or link farm attack. The embedded URLs point to various PDF documents hosted on 'gorillawalker.com', suggesting a coordinated effort to distribute content or manipulate search results. No scripts were extracted, but the sheer volume of links points to a malicious intent to lure users or affect search engine visibility.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8262

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.