Malicious PDF — malware analysis report

Static analysis result for SHA-256 10638ea516816445…

Verdict: MALICIOUS

File type: PDF

Size: 41.0 KB
Created: 2019-04-09 11:38:47 +03:00
Authoring application: AH XSL Formatter V6.1 MR1 for Linux64 : 6.1.6.12100 (via Antenna House PDF Output Library 6.1.420 (Linux64); modified using iText 2.1.7 by 1T3XT)
MD5: 349a62333042093bdb8967d82718a01c
SHA-1: 58b2d1e6291f106363ac1511e1d5de2df0d04ca9
SHA-256: 10638ea5168164453f10e921547866b268d8d5a9df3f52ee25c7d729861f1ee2
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF carries 40 clickable external links, every one pointing to a .pdf path on a single host, www.gorillawalker.com, with file names that read like an unrelated book catalogue. That is the pattern of a generated SEO link farm rather than of a document citing sources: the file exists to route a reader (or a crawler) onto that host, which can serve further PDFs of the same kind or hand off into a malicious or unwanted-software delivery chain. The remaining extracted URLs are XMP/RDF and PDF/A namespace identifiers from the metadata stream, not links. The Nyx ML classifier independently scores the file as malicious (0.8872), in agreement with the heuristic.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Of the 49 URLs below, the first 40 are the clickable link targets on www.gorillawalker.com counted by PDF_SEO_LINK_FARM; the last nine are XMP/RDF and PDF/A namespace identifiers that any URL scan over the metadata stream will pick up, and carry no weight in the verdict.
    • http://www.gorillawalker.com/alle-de-wercken-van-den-heere-jacob-cats-volume-2.pdf
    • http://www.gorillawalker.com/williams-hebrew-syntax-third-edition.pdf
    • http://www.gorillawalker.com/concerto-grosso-in-d-major-h-73-full-score-a1143.pdf
    • http://www.gorillawalker.com/what-are-forces-and-motion-exploring-science-with-hands-on.pdf
    • http://www.gorillawalker.com/fallingwater-a-frank-lloyd-wright-country-house.pdf
    • http://www.gorillawalker.com/the-island-broken-in-two-halves-land-and-renewal-movements.pdf
    • http://www.gorillawalker.com/inventing-pain-medicine-from-the-laboratory-to-the-clinic.pdf
    • http://www.gorillawalker.com/the-historic-jesus-kindle-edition.pdf
    • http://www.gorillawalker.com/jessica-s-lover.pdf
    • http://www.gorillawalker.com/answers-about-vision-changes-drugs-constipation-and-hepatitis-a-vaccine.pdf
    • http://www.gorillawalker.com/virginia-hearts-the-elusive-mr-perfect-the-thrill-of-the.pdf
    • http://www.gorillawalker.com/the-unseen-power-in-i-am.pdf
    • http://www.gorillawalker.com/cells-aging-and-human-disease.pdf
    • http://www.gorillawalker.com/strangers-in-their-own-land-part-time-faculty-in-american.pdf
    • http://www.gorillawalker.com/schaum-s-quick-guide-to-writing-great-essays.pdf
    • http://www.gorillawalker.com/carnivorous-plants-in-the-wilderness.pdf
    • http://www.gorillawalker.com/crochet-afghan-patterns-101-crocheting-patterns-stitches.pdf
    • http://www.gorillawalker.com/cort-ge-poems.pdf
    • http://www.gorillawalker.com/current-critical-care-diagnosis-treatment-value-pak.pdf
    • http://www.gorillawalker.com/tlacaelel-el-azteca-entre-losaztecas-spanish-edition.pdf
    • http://www.gorillawalker.com/unix-linux-survival-guide-networking-security.pdf
    • http://www.gorillawalker.com/the-bridge-of-dreams-a-poetics-of-145-the-tale.pdf
    • http://www.gorillawalker.com/us-taxes-for-non-citizens-made-easy-kindle-edition.pdf
    • http://www.gorillawalker.com/a-workbook-of-group-analytic-interventions-international-library-of-group.pdf
    • http://www.gorillawalker.com/off-and-running-the-prospects-and-pitfalls-of-government-transitions.pdf
    • http://www.gorillawalker.com/the-french-affair-tables-of-love.pdf
    • http://www.gorillawalker.com/how-to-start-your-own-forex-signal-service-the-next.pdf
    • http://www.gorillawalker.com/hal-leonard-essential-elements-book-1-b-flat-trumpet.pdf
    • http://www.gorillawalker.com/theresa-johnson-black-like-me-kindle-edition.pdf
    • http://www.gorillawalker.com/heavy-metal-magazine-november-1998.pdf
    • http://www.gorillawalker.com/tracking-and-data-association-mathematics-in-science-and-engineering-vol.pdf
    • http://www.gorillawalker.com/laser-spectroscopy-basic-concepts-and-instrumentation.pdf
    • http://www.gorillawalker.com/sherman-firefly-vs-tiger-normandy-1944-duel.pdf
    • http://www.gorillawalker.com/too-much-in-love-to-care-sheet-music-10086-sunset.pdf
    • http://www.gorillawalker.com/living-with-the-desert-central-asian-studies.pdf
    • http://www.gorillawalker.com/common-sense-selling-no-smoke-no-fluff-no-mystique.pdf
    • http://www.gorillawalker.com/latex-allergy-resource-guide.pdf
    • http://www.gorillawalker.com/jack-longstreet-last-of-the-desert-frontiersmen.pdf
    • http://www.gorillawalker.com/canon-eos-5d-mark-iii-the-guide-to-understanding-and.pdf
    • http://www.gorillawalker.com/the-resurrection-ruse-or-reality.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
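The following is an added worked example, not part of this report and not the scanner's own implementation of PDF_SEO_LINK_FARM or EMBEDDED_URL. It shows the two points the findings above turn on: clickable targets must be read from /Link annotations with a /URI action rather than from every URL string in the file (a plain grep also returns the XMP namespace URIs listed last above), and the link-farm judgement is a host-clustering and file-size check over those targets. The parser is regex-based and handles only uncompressed objects with literal-string URIs; the sample PDF, its slugs (constructed-title-N.pdf), the off-host example.org link and all thresholds (64 KB, 10 links, 0.8 shares) are constructed assumptions.

```python
"""Toy PDF link-farm detector: separates clickable /Link annotation targets
from URLs that merely appear in the file (e.g. XMP namespace URIs) and
scores the host clustering that the PDF_SEO_LINK_FARM heuristic describes.
Regex-based and deliberately simplified: it handles only uncompressed
objects with literal-string URIs, which is all the constructed sample uses."""
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import urlparse

OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.DOTALL)
LINK_RE = re.compile(rb"/Subtype\s*/Link\b")
URI_ACTION_RE = re.compile(rb"/S\s*/URI\b.*?/URI\s*\(([^)]*)\)", re.DOTALL)
NAIVE_URL_RE = re.compile(rb"https?://[^\s\"'()<>]+")


def build_sample_pdf(n_links: int = 12) -> bytes:
    """Constructed sample (not the analysed file): n_links /Link annotations to
    one host, one off-host link, and an XMP stream carrying namespace URIs.
    No xref table, so it will not render; it is enough for the parser below."""
    objs, annots, obj_no = [], [], 4
    targets = [f"http://www.gorillawalker.com/constructed-title-{i}.pdf"
               for i in range(n_links)] + ["http://example.org/about.html"]
    for uri in targets:
        objs.append(f"{obj_no} 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                    f"/A << /S /URI /URI ({uri}) >> >>\nendobj\n")
        annots.append(f"{obj_no} 0 R")
        obj_no += 1
    xmp = ('<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           'xmlns:dc="http://purl.org/dc/elements/1.1/" '
           'xmlns:pdf="http://ns.adobe.com/pdf/1.3/"></rdf:RDF></x:xmpmeta>')
    objs.append(f"{obj_no} 0 obj\n<< /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\n"
                f"stream\n{xmp}\nendstream\nendobj\n")
    head = ("%PDF-1.4\n"
            f"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /Metadata {obj_no} 0 R >>\nendobj\n"
            "2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
            f"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [{' '.join(annots)}] >>\nendobj\n")
    return (head + "".join(objs) + "%%EOF\n").encode("latin-1")


def link_annotation_uris(pdf: bytes) -> List[str]:
    """URIs a reader would actually follow on click: /Link annotations whose
    action is a /URI action. Returned in document order, duplicates kept."""
    uris = []
    for m in OBJ_RE.finditer(pdf):
        body = m.group(1)
        if not LINK_RE.search(body):
            continue
        action = URI_ACTION_RE.search(body)
        if action:
            uris.append(action.group(1).decode("latin-1"))
    return uris


def non_link_urls(pdf: bytes) -> List[str]:
    """URLs a plain grep finds that are not click targets: typically XMP/RDF
    namespace identifiers in the metadata stream. This is the noise to strip
    from an EMBEDDED_URL-style listing before counting links."""
    everything = {u.decode("latin-1") for u in NAIVE_URL_RE.findall(pdf)}
    return sorted(everything - set(link_annotation_uris(pdf)))


def score_link_farm(pdf: bytes, *, max_size: int = 64 * 1024, min_links: int = 10,
                    min_host_share: float = 0.8, min_pdf_share: float = 0.8) -> Dict:
    """Simplified stand-in for the PDF_SEO_LINK_FARM idea: a small file whose
    clickable links are many, clustered on one host and mostly .pdf targets.
    The thresholds are assumptions, not the scanner's."""
    uris = link_annotation_uris(pdf)
    if uris:
        hosts = Counter(urlparse(u).hostname or "" for u in uris)
        top_host, top_n = hosts.most_common(1)[0]
        host_share = top_n / len(uris)
        pdf_share = sum(urlparse(u).path.lower().endswith(".pdf") for u in uris) / len(uris)
    else:
        top_host, host_share, pdf_share = "", 0.0, 0.0
    fires = (len(pdf) <= max_size and len(uris) >= min_links
             and host_share >= min_host_share and pdf_share >= min_pdf_share)
    return {"fires": fires, "size": len(pdf), "links": len(uris),
            "top_host": top_host, "host_share": host_share, "pdf_share": pdf_share}


if __name__ == "__main__":
    sample = build_sample_pdf()
    print(score_link_farm(sample))
    print("metadata-only URLs:", non_link_urls(sample))
```

On a real sample the object walk has to go through a proper PDF parser (objects inside FlateDecode'd object streams, hex-string and escaped URIs, actions held in indirect objects), but the decision logic stays the same: count only link annotations, measure how many land on one host and how many end in .pdf, and weigh that against file size. Treating every URL string as a link would have inflated this report's count by the nine namespace identifiers and blurred the host-share figure.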