Malicious PDF — malware analysis report

Static analysis result for SHA-256 17945001cd7dc593…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2020-03-27 22:18:22 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.4 (Windows))
First seen: 2021-06-28
MD5: d8f18adfde7e6dc76b932ce4dbf1d4b2
SHA-1: f709ef90560ad84bdaa04e64e6070e0d75077ce0
SHA-256: 17945001cd7dc5935eae486605d8861d179d2d74dd5ca5333e52477afaf60619
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to direct users to numerous external PDF files hosted on gorillawalker.com, potentially for SEO manipulation or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8015

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.