Malicious PDF — malware analysis report

Static analysis result for SHA-256 08241acc2045f593…

MALICIOUS

PDF

Size: 35.4 KB
Created: 2019-12-14 09:09:20 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5.1) (via Adobe PDF Library 9.9)
MD5: 24f38ec0543f66278f85457e0d4fe693
SHA-1: f99f251e0cf2f50e4e2faa52802eb260c7052049
SHA-256: 08241acc2045f5931228aec15f3d924286cfdf4cbeb99932905e6bad2a5841d4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7832

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.