Malicious PDF — malware analysis report

Static analysis result for SHA-256 1627090e5934e093…

MALICIOUS

PDF

Size: 33.7 KB
Created: 2019-12-14 10:27:06 +03:00
Authoring application: Acrobat PDFMaker 8.1 for Word (via Acrobat Distiller 8.1.0 (Windows))
MD5: 3fa59c7639b53ac339bcf25e9bec4921
SHA-1: 06e88e374c445ff890e2364b36f2c0747a1df413
SHA-256: 1627090e5934e0930c3d0dc9c5afedf8ff7fc82db80738c7874795c699ff31b4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample is a PDF document that contains a large number of embedded links to external PDF files. The heuristic 'PDF_SEO_LINK_FARM' indicates that this is likely an attempt to manipulate search engine results or distribute content. Although no scripts were extracted, the sheer volume of links suggests malicious intent to redirect the user to potentially harmful content hosted on 'gorillawalker.com'.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.