Malicious PDF — malware analysis report

Static analysis result for SHA-256 7361eb30950ccee3…

MALICIOUS

PDF

Size: 34.6 KB
Created: 2020-02-20 06:01:13 +03:00
Authoring application: QuarkXPress(R) 7.01
MD5: 676120d97ce31094737dc010c828f383
SHA-1: 01fde24381fb65991b85d23af87f6140cc010baa
SHA-256: 7361eb30950ccee3c811e8ca6ec91aa9d5f1727d7a9c804164805ff930450fd5
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by an ML classifier and contains a large number of embedded external links, a pattern matched by the 'PDF_SEO_LINK_FARM' heuristic. The document body is heavily obfuscated and unreadable, but the presence of numerous links to other PDFs hosted on 'gorillawalker.com' suggests a coordinated effort to manipulate search engine results or distribute content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8018

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.