Malicious PDF — malware analysis report

Static analysis result for SHA-256 69eeb79f24f06cda…

MALICIOUS

PDF

33.9 KB
Created: 2019-12-13 14:06:25 +03:00
Authoring application: PSCRIPT.DRV Version 4.0 (via Acrobat Distiller 3.01 for Windows)
MD5: 6b6324331df77e011447e3e108e0b184
SHA-1: 28837a5dd37af1950133263af4ab8a3c7b25a6df
SHA-256: 69eeb79f24f06cdadd3cf6a3bfb9167701ba556bbafa67524a2817e17e532145
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, primarily hosted on www.gorillawalker.com. This pattern is indicative of a link farm or SEO manipulation tactic, often used to distribute malicious content or drive traffic. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.