Malicious PDF — malware analysis report

Static analysis result for SHA-256 77487e1c40b25263…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2018-11-26 08:33:33 +03:00
Authoring application: Adobe Acrobat 6.02 (via Adobe Acrobat 6.02 Paper Capture Plug-in)
MD5: f64bd25ea08893f7b064a29c0328d655
SHA-1: 0005e26db5ec4efe2f5f122f497d26211da727d9
SHA-256: 77487e1c40b25263ccf60aa24c9a056cc0e9960b55781e2adc69c097b5add2f9
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. The heuristic that fired suggests a link-farm or SEO-manipulation tactic. While no scripts were explicitly extracted, the PDF structure and embedded URLs indicate a potential attempt to redirect users to malicious or misleading content, possibly as a form of phishing or to distribute further malware. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.