Malicious PDF — malware analysis report

Static analysis result for SHA-256 71ac7721e10eceec…

Verdict: MALICIOUS
File type: PDF
Risk Score: 92

Size: 28.2 KB
Created: 2019-12-14 01:00:49 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.3.2 (Windows))
MD5: 00706d5d4cbceaf4db0fab30b4a3ac33
SHA-1: e7b05f3e5dae634631b33107394e1df5a7b9a905
SHA-256: 71ac7721e10eceec8cdb642ef8576330e6b57bebf87a92b2bdc00969d6d5b081

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This is indicative of a link farm or a distribution mechanism for further malicious content. While no scripts were explicitly extracted, the PDF structure and the heuristic 'PDF_SEO_LINK_FARM' strongly suggest an attempt to manipulate search engine results or to serve malicious documents. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8407

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.