Malicious PDF — malware analysis report

Static analysis result for SHA-256 f68a28bf62891146…

MALICIOUS

PDF

  • Size: 42.4 KB
  • Created: 2019-03-17 07:47:07 +03:00
  • Authoring application: Adobe Acrobat 6.02 (via Adobe Acrobat 6.02 Paper Capture Plug-in)
  • MD5: a35ead3923a08d4227b9ea0bf0ca4ed1
  • SHA-1: f74c0275617a4fcdac0baa6f5a70fac76b2c2a1f
  • SHA-256: f68a28bf6289114676dfbde157d95edc63e8a930271cf3e6df61402f5b41656d
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads disguised as legitimate documents. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.