Malicious PDF — malware analysis report

Static analysis result for SHA-256 69dabca223f5b3c6…

MALICIOUS

PDF

Size: 34.2 KB
Created: 2020-02-08 18:29:23 +03:00
Authoring application: doPDF Ver 7.3 Build 391 (Windows 7 Home Premium Edition (SP 1) - Version: 6.1.7601 (x64))
MD5: 49d03e8191605dc350fa6092206a88f4
SHA-1: b9ae4673dae667212dad9d47e9abc6df742299be
SHA-256: 69dabca223f5b3c6228eecc5ad164c6f24ab0256bedd0b1b26a3a3ae856d820f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of potentially malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.