Malicious PDF — malware analysis report

Static analysis result for SHA-256 f48e92457b74fc5f…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2018-12-28 09:13:10 +03:00
Authoring application: FrameMaker 11.0 (via Acrobat Distiller 11.0 (Windows))
MD5: c9e2828ee6f188b0f7af1b54e90fff12
SHA-1: f01e4d130ef773e92ea399c659fffd12f233471c
SHA-256: f48e92457b74fc5f69e60239f07bcce112e2319e620d1a65a85fc69b5606dbf2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged as malicious by a machine learning classifier and contains a large number of embedded external links, indicating a link farm or SEO abuse. The primary heuristic, 'PDF_SEO_LINK_FARM', identified 32 external links, many of them to PDFs hosted on 'gorillawalker.com'. While no scripts were extracted, the sheer volume and nature of the embedded links suggest malicious intent to manipulate search engine rankings or distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9526

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.