Malicious PDF — malware analysis report

Static analysis result for SHA-256 447d40a32c66d351…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2019-04-30 16:29:05 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: 9ce2e7a02bdc8faa13586619d61e1853
SHA-1: b15b329500e356189436ababc0456122758f29c9
SHA-256: 447d40a32c66d351bf04fe6d1357a5c2d6de39e4d75e2ca8f49f6bcd6095bafc
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm or SEO poisoning tactic, likely intended to drive traffic to the linked content or potentially serve as a distribution point for further malicious content. No scripts were extracted, and the document body was unreadable, limiting the analysis to the link farm heuristic.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.