Malicious PDF — malware analysis report

Static analysis result for SHA-256 705a9480276f6f51…

MALICIOUS

PDF

  • Size: 45.7 KB
  • Created: 2019-03-19 10:53:15 +03:00
  • Authoring application: Adobe Acrobat Pro 11.0.18 (via Adobe PDF Library 11.0)
  • MD5: c786ce411063c3b14fe8715ade93f0d8
  • SHA-1: 5d39bedd5881a8aab3f9cfef6fdfdcd102354c29
  • SHA-256: 705a9480276f6f5197edba5fec9659798cd02522f7c820654eac3769e68905b8
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While no scripts were extracted, the sheer volume of links suggests an attempt to manipulate search engine rankings or redirect users to potentially malicious content hosted on the `gorillawalker.com` domain. The ML classifier also flagged the PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.