Malicious PDF — malware analysis report

Static analysis result for SHA-256 0a684a82536e726e…

MALICIOUS

PDF

Size: 35.8 KB
Created: 2020-01-17 19:19:49 +03:00
Authoring application: Adobe Acrobat 8.0 Combine Files (via Adobe Acrobat 8.0)
MD5: e97480db72400c65c33c54a4072170c4
SHA-1: afdf225bf5a0aa4f250bab835bd4578cc584a0ca
SHA-256: 0a684a82536e726ecee46766274dbf5edc3ae84a5cbfd156c0aae2cd0b592f22
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely intended for SEO manipulation or to serve as a distribution point for further malicious content. The ML classifier also flagged the PDF as malicious with a high score.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8218

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: stream_000_off00000209.js
    Hash: c8102e6341d18a15d6aed6ec8011f5c09f52575959fc5ad288884099dd44b4c3
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0x209
    Size: 13385 bytes