Malicious PDF — malware analysis report

Static analysis result for SHA-256 2e2c03071923bd6c…

Verdict: MALICIOUS
File type: PDF
Size: 34.7 KB
Created: 2019-09-15 18:21:09 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 9eb453494bfe033ac13b4eb4da36a27d
SHA-1: fc28bbc972045b7b018fc24c797de6bcfd6db1d2
SHA-256: 2e2c03071923bd6c9aa370b4075c7ef3cab0e5a9845c2e660e8423e6622121ff
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a mass external link farm, with 32 links pointing to various domains. The ML classifier also indicated a high probability of maliciousness. The embedded URLs, all pointing to www.gorillawalker.com, suggest a coordinated effort to manipulate search engine results or redirect users to potentially harmful content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.