Malicious PDF — malware analysis report

Static analysis result for SHA-256 6aff0c1ce6100f83…

Verdict: MALICIOUS
File type: PDF
Size: 32.1 KB
Created: 2020-01-17 04:25:22 +03:00
Authoring application: XSL Formatter V4.3 MR8 for Windows (via Acrobat Distiller 7.0.5 (Windows))
MD5: 35a60e2492fcfc72646d2487b9e8cce3
SHA-1: 59a720c254d81cee215701c0a4eff4714976491b
SHA-256: 6aff0c1ce6100f83ca9f91f68a41c7bea30782141458f4d0e128a90bb5f16e7f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.