Malicious PDF — malware analysis report

Static analysis result for SHA-256 55393b73914c0fe2…

MALICIOUS

PDF

Size: 35.4 KB
Created: 2020-02-20 05:03:17 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows); modified using iText® 5.5.4 ©2000-2014 iText Group NV (AGPL-version))
MD5: ccd0d1a23412741da68b660d22a58638
SHA-1: 11690a6cddd4814b35c9141cb9772673e843529f
SHA-256: 55393b73914c0fe2e7fb2848d9ad5e5dba448e1102d33d223f3b277120c67aa5
Risk Score: 98

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files on the domain www.gorillawalker.com. This suggests a link farm or SEO manipulation tactic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. While no scripts were extracted, the presence of a visual download button lure (SE_DOWNLOAD_BUTTON) combined with the link farm indicates a likely attempt to drive traffic or distribute content through deceptive means.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8477

Heuristics (3)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.