Malicious PDF — malware analysis report

Static analysis result for SHA-256 01580fe8629b467e…

MALICIOUS

PDF

Size: 41.3 KB
Created: 2019-01-06 08:09:27 +03:00
Authoring application: Acrobat PDFMaker 7.0.7 for Word (via Acrobat Distiller 7.0.5 (Windows))
MD5: d5170fb9544be961b9a3094e534ab657
SHA-1: 1bb053dfee277e1fc2a599e5175f966949a48c06
SHA-256: 01580fe8629b467e10854d649610a0f2e68df6b0c4c1d6afc5071a6f3490c484
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

A heuristic fired on a large number of external PDF links in the document, all hosted on the domain 'www.gorillawalker.com'. This suggests a link farm or distribution mechanism. No scripts were extracted, and the document body was heavily obfuscated, which prevented deeper analysis of the immediate user-facing content. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.