MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK: T1566.001 Spearphishing Attachment
A heuristic fired on this PDF for a large number of embedded external links, suggesting a link farm or SEO manipulation tactic. An embedded script payload was also detected; such payloads are often used to download and execute further malicious content. Together, these elements indicate malicious intent, likely the distribution of malware or phishing content through a large number of seemingly legitimate but controlled links.
Machine Learning
- Nyx PDF Classifier malicious score 0.8389
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded script payload in PDF stream (high, PDF_EMBEDDED_SCRIPT_PAYLOAD): PDF stream bytes contain script execution markers such as ActiveXObject/CreateObject, WScript.Shell, PowerShell, or shell-exec primitives. This is stronger than ordinary PDF JavaScript because it indicates a staged external script payload hidden in stream bytes.
- Suspicious extracted artifact (medium, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| embedded_pdf_script_0000725f.bin (de07882f30320b66aa24cd7cae2b24f3aecd2c9ca5c48d332416e6c048625ace) | pdf-embedded-script | PDF decompressed stream script payload at offset 0x725F | 36636 bytes |

Detection
- ClamAV: No threats found
- Obfuscation or payload: likely. Carved artifact contains 1 shell/COM execution token(s).