Malicious PDF — malware analysis report

Static analysis result for SHA-256 6dafc1ab4a03f732…

MALICIOUS

PDF

36.4 KB
Created: 2020-02-19 11:24:05 +03:00
Authoring application: PDFCreator Version 1.5.1 (via GPL Ghostscript 9.05)
MD5: 7f70566a893b2d635d2ae007aa8d081f
SHA-1: eb06aa4f8440abf6325812fae021b841122e4f6a
SHA-256: 6dafc1ab4a03f732b012a3bf639712761812b0a2d0799415018c48cd0d1bb30f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs point to various documents on the 'gorillawalker.com' domain, suggesting a link farm or content distribution strategy. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier | malicious | score 0.8218

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.