Malicious PDF — malware analysis report

Static analysis result for SHA-256 f7cc35d1c4134ff0…

MALICIOUS

PDF

Size: 46.8 KB
Created: 2018-11-30 20:37:31 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via 3-Heights(TM) PDF Optimization Shell 4.6.23.0 (http://www.pdf-tools.com))
MD5: 2fc4b9af94e83e381cd54e75a6b5d800
SHA-1: 8eea739bf9545ec17c75eedc7d02d964a32c1cba
SHA-256: f7cc35d1c4134ff06e3592474574b58e7317f34ac7e26bdb6f55686032518399
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links pointing to external PDF documents on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a high volume of content, which can be a vector for malware distribution. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.