Malicious PDF — malware analysis report

Static analysis result for SHA-256 f69e67e0bb2a8d6f…

MALICIOUS

PDF

Size: 45.9 KB
Created: 2018-11-30 20:09:09 +03:00
Authoring application: XEP 4.4 build 20050610
MD5: 0ed8bbdcffdf3ed0d5b8818bd4969723
SHA-1: 245b9c4f037a491867274d0e979e7402e8034a39
SHA-256: f69e67e0bb2a8d6f5fd0b5187544f2da3184a74a26cb10b1adcda1e734b9a26b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8600)

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.