Malicious PDF — malware analysis report

Static analysis result for SHA-256 2f78fc6ae267790d…

Verdict: MALICIOUS

File type: PDF

Size: 32.8 KB
Created: 2020-03-13 01:10:05 +03:00
Authoring application: FineReader (via -)
MD5: 71f8500db18a07276b309a50acb32d3e
SHA-1: 06bc99736d3ccb8dde9b10b3ebbb317cab6997f0
SHA-256: 2f78fc6ae267790dee35db82b7567463e707e27b22f95a5c677b34a2c74d02ab
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This is indicative of a link farm or a phishing lure designed to direct users to a large collection of potentially malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.