Malicious PDF — malware analysis report

Static analysis result for SHA-256 627378d75983eb09…

MALICIOUS

PDF

Size: 35.7 KB
Created: 2019-12-13 19:47:26 +03:00
Authoring application: Adobe Acrobat Pro 10.0.0 (via ESP Ghostscript 7.07)
MD5: b16ce2dd28d8891ac97cd482106f2a7e
SHA-1: b0cb19139503d1d3717e49d83fd4d0ff59b8b4f8
SHA-256: 627378d75983eb09d90bc924c4f617dd01c2fdec4e5b23c300581971f916e664
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files on the 'gorillawalker.com' domain. While no scripts were explicitly extracted, the nature of the link farm suggests a potential for SEO manipulation or distribution of further malicious content. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5176

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.