Malicious PDF — malware analysis report

Static analysis result for SHA-256 2571fda2e9f52030…

MALICIOUS

PDF

Size: 38.7 KB
Created: 2019-01-06 08:29:51 +03:00
Authoring application: PageMaker 6.5 (via Acrobat Distiller 3.01 for Windows)
MD5: ba0077a3e03658eeaacce38af008c4fd
SHA-1: d62edac19e31a947fbcc8a074c89cd416fdeed58
SHA-256: 2571fda2e9f52030b9f0cff70de518f9168628ec3f7a3c0ff1800e80cdc20c01
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large number of external links, identified as a 'PDF_SEO_LINK_FARM' heuristic. The document body, though heavily obfuscated, contains numerous URLs pointing to PDF files hosted on www.gorillawalker.com. This suggests the primary purpose is to direct users to a large collection of external resources, likely for SEO manipulation or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8500

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.