Malicious PDF — malware analysis report

Static analysis result for SHA-256 7a4a565ceccc2840…

MALICIOUS

PDF

Size: 40.7 KB
Created: 2019-02-13 19:32:43 +03:00
Authoring application: doPDF Ver 7.2 Build 376 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: 0e299fc189ba1ddfb3cbe71bac8ecc80
SHA-1: 5d6626607a71dd6d5c482eef966531176845ef33
SHA-256: 7a4a565ceccc2840a845c8516865f4719e9c0938ffeeba5f2c0035f402f2143e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded external links, indicating a potential SEO spam or content distribution attack. The primary heuristic identified a link farm of 32 external PDF URLs, with the first being http://www.gorillawalker.com/sports-laughs.pdf. While no scripts were extracted, the sheer volume of links suggests a malicious intent to direct users to potentially harmful content or to manipulate search engine rankings.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.