Malicious PDF — malware analysis report

Static analysis result for SHA-256 49ca83c18f2ded3c…

MALICIOUS

PDF

  • Size: 35.0 KB
  • Created: 2020-02-08 18:26:23 +03:00
  • Authoring application: - (via Acrobat Distiller 5.0.1 for Macintosh)
  • MD5: 1686f608e472a9a00d4b354784fd1877
  • SHA-1: 90381b615157584114be23c4e9440277789f758a
  • SHA-256: 49ca83c18f2ded3c5c63a64e68e41edf4f6c1394891aade760bb57e58585bc97
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a critical heuristic for containing a mass external link farm, with 32 links pointing to various PDF documents hosted on gorillawalker.com. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of external links suggests malicious intent, likely SEO manipulation or redirection of users to potentially harmful content. The document body contained obfuscated data and date stamps, but no clear textual lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.