Malicious PDF — malware analysis report

Static analysis result for SHA-256 f5e22f5ad70463be…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-11-30 20:56:07 +03:00
Authoring application: Acrobat PDFMaker 9.0 for Word (via Acrobat Distiller 9.0.0 (Windows))
MD5: 3fe4a8e6d2e48b7a153911efddad1a2a
SHA-1: 3f556c80d864124c95a503270e18e42eb9260c72
SHA-256: f5e22f5ad70463be69b51ad9b5d0cca1ed79b5d2319dacf701d2e630e3c1f20d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain www.gorillawalker.com. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high score.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.