MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains an embedded JavaScript payload that is likely intended to execute malicious actions. The document also exhibits a high number of external PDF links, suggesting a link farm or SEO manipulation tactic. The embedded script and the numerous external links indicate a malicious intent, possibly to redirect users to further malicious content or exploit kits.
Machine Learning
- Nyx PDF Classifier malicious score 0.9181
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded script payload in PDF stream (high, PDF_EMBEDDED_SCRIPT_PAYLOAD): PDF stream bytes contain script execution markers such as ActiveXObject/CreateObject, WScript.Shell, PowerShell, or shell-exec primitives. This is stronger than ordinary PDF JavaScript because it indicates a staged external script payload hidden in stream bytes.
- Suspicious extracted artifact (medium, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs:
- http://www.gorillawalker.com/too-taboo-bundle-1-forbidden-erotic-stories.pdf
- http://www.gorillawalker.com/the-environmental-impact-of-burrowing-animals-and-animal-burrows-symposia.pdf
- http://www.gorillawalker.com/national-geographic-kids-national-parks-guide-u-s-a.pdf
- http://www.gorillawalker.com/first-comes-faith-proclaiming-the-gospel-in-the-church.pdf
- http://www.gorillawalker.com/an-observation-survey-of-early-literacy-achievement.pdf
- http://www.gorillawalker.com/survival-latvian-a-traveller-s-phrasebook-and-guide-english-and.pdf
- http://www.gorillawalker.com/wizards-stories-of-mischief-magic-and-mayhem.pdf
- http://www.gorillawalker.com/the-last-knight-a-tribute-to-desmond-fitzgerald-29th-knight.pdf
- http://www.gorillawalker.com/jihad-and-genocide-studies-in-genocide-religion-history-and-human.pdf
- http://www.gorillawalker.com/gurps-vampire-companion-op-gurps-generic-universal-role-playing-system.pdf
- http://www.gorillawalker.com/heartsick.pdf
- http://www.gorillawalker.com/la-crosse-postcard-history.pdf
- http://www.gorillawalker.com/malleus-eisenhorn.pdf
- http://www.gorillawalker.com/audio-digest-internal-medicine-preventing-heart-disease-vol-48-issue.pdf
- http://www.gorillawalker.com/james-joyce-s-ulysses-a-reference-guide.pdf
- http://www.gorillawalker.com/medical-md0174100-organization-of-pest-management-operations-kindle-edition.pdf
- http://www.gorillawalker.com/the-individuated-hobbit-jung-tolkien-and-the-archetypes-of-middle.pdf
- http://www.gorillawalker.com/quantitative-ecology-and-the-brown-trout-oxford-series-in-ecology.pdf
- http://www.gorillawalker.com/navy-cg-x-cruiser-program-background-for-congress.pdf
- http://www.gorillawalker.com/acid-reflux-from-heartburn-to-cancer-kindle-edition.pdf
- http://www.gorillawalker.com/national-liberation-movements-in-office-forging-democracy-with-african-adjectives.pdf
- http://www.gorillawalker.com/inventing-the-internet-inside-technology.pdf
- http://www.gorillawalker.com/la-relazione-che-cura-gestalt-counselling-e-art-therapy-persona.pdf
- http://www.gorillawalker.com/te-espero-en-casablanca-trilog.pdf
- http://www.gorillawalker.com/type-talk-the-16-personality-types-that-determine-how-we.pdf
- http://www.gorillawalker.com/from-jungle-to-java-dodo-press.pdf
- http://www.gorillawalker.com/hollow-city-the-second-novel-of-miss-peregrine-s-peculiar.pdf
- http://www.gorillawalker.com/philosophy-of-nursing-5-questions.pdf
- http://www.gorillawalker.com/cambridge-primary-mathematics-stage-2-learner-s-book-cambridge-international.pdf
- http://www.gorillawalker.com/ragamuffin-a-novel.pdf
- http://www.gorillawalker.com/healing-through-trigger-point-therapy-a-guide-to-fibromyalgia-myofascial.pdf
- http://www.gorillawalker.com/soundpower-christmas-celebration-bill-moffit-1st-trombone-1st-trombone.pdf
- http://www.gorillawalker.com/your-endowment.pdf
- http://www.gorillawalker.com/venus-space.pdf
- http://www.gorillawalker.com/contemporary-hispanic-biography.pdf
- http://www.gorillawalker.com/we-died-with-our-boots-clean-a-royal-marine-commando.pdf
- http://www.gorillawalker.com/authentic-american-indian-beadwork-and-how-to-do-it-with.pdf
- http://www.gorillawalker.com/atlas-of-pulmonary-vascular-imaging-a-multimodality-approach.pdf
- http://www.gorillawalker.com/aion.pdf
- http://www.gorillawalker.com/the-secrets-club-alice-in-the-spotlight.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/mm/
- http://www.aiim.org/pdfa/ns/extension/
- http://www.aiim.org/pdfa/ns/schema#
- http://www.aiim.org/pdfa/ns/property#
- http://www.aiim.org/pdfa/ns/id/
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| embedded_pdf_script_00001fcb.bin (SHA-256: a3be1e77d059ebb5de5662b270e6a2bcc7365f93ea0ef10834d56256432baee7) | pdf-embedded-script | PDF decompressed stream script payload at offset 0x1FCB | 16475 bytes |

Detection:
- ClamAV: No threats found
- Obfuscation or payload: likely (carved artifact contains 1 shell/COM execution token(s))