Malicious PDF — malware analysis report

Static analysis result for SHA-256 6ad12a53dcab82ad…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2019-03-18 18:23:28 +03:00
Authoring application: - (via iText 2.1.7 by 1T3XT)
MD5: 11347bcb8597e08b1787fbb529d727f3
SHA-1: e9bcb780e8cddeec3ac18b33d8f7375a78bbb41b
SHA-256: 6ad12a53dcab82ad4b68b560287d1f69f4e3444aab054c6c1900d0242a0859c0
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute secondary payloads. While no scripts were explicitly extracted, the PDF structure and the heuristic 'PDF_SEO_LINK_FARM' strongly suggest malicious intent related to content distribution or redirection.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.