Malicious PDF — malware analysis report

Static analysis result for SHA-256 442a843caae9e307…

MALICIOUS

PDF

Size: 32.6 KB
Created: 2019-11-10 05:16:14 +03:00
Authoring application: - (via ABBYY FineReader 11)
MD5: 9ab1c9dc542690ee51cb422651c83056
SHA-1: ad9ec6fa16bbd6e7b54d1a909e04eb2284f5466c
SHA-256: 442a843caae9e3078e5cac995881772328081b6dc9ec4e72fa361c31feff4c88
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file was flagged by an ML classifier as malicious. Static analysis revealed a large number of embedded URLs pointing to PDF files on the domain 'gorillawalker.com'. This suggests a link farm or a lure to download further content, potentially malicious. No scripts were extracted, and the document body was unreadable, limiting further analysis of the exact intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.