Malicious PDF — malware analysis report

Static analysis result for SHA-256 447f7fb9467121f7…

MALICIOUS

PDF

  • Size: 33.7 KB
  • Created: 2020-02-19 10:04:50 +03:00
  • Authoring application: Microsoft Word: AdobePS 8.7.3 (301) (via Acrobat Distiller 5.0.5 for Macintosh)
  • MD5: 8e41e626136add14fb615e9068c9529b
  • SHA-1: 2a2b347baef651f553f3223b97eeca7259eb620d
  • SHA-256: 447f7fb9467121f73a54aac1e5d71906194bc57f8b84bf11a120730046a794be
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content disguised as legitimate documents. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8015

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.