Malicious PDF — malware analysis report

Static analysis result for SHA-256 5e4b42fed140cbea…

MALICIOUS

PDF

Size: 32.5 KB
Created: 2019-10-29 08:47:19 +03:00
Authoring application: - (via ProcessText Group)
MD5: a6b549b4920d5dea97364b4724287790
SHA-1: e5e4aded5ad8de5f49262effc9d54e4447e9f41b
SHA-256: 5e4b42fed140cbeab3514a93df58a820a824144c95150d5033460f3dad2902bc
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute secondary payloads. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8215

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.