Malicious PDF — malware analysis report

Static analysis result for SHA-256 0e528fac8e956ee6…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2019-04-07 18:03:29 +03:00
Authoring application: Acrobat PDFMaker 5.0 for Word (via Acrobat Distiller 5.0 (Windows))
MD5: a67b706d4c55c84ec5f08c2ce649cdf5
SHA-1: af3652c113166a94336a31ea459c3f6b985c3457
SHA-256: 0e528fac8e956ee62b9ab2b81c04b723fd9e09da9f07568a13f10ae239aaca3d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various book titles hosted on gorillawalker.com, suggesting a potential SEO manipulation scheme or a method to distribute further malicious content. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.