Malicious PDF — malware analysis report

Static analysis result for SHA-256 830d697cdf35d85c…

MALICIOUS

PDF

  • Size: 31.2 KB
  • Created: 2019-12-14 01:05:00 +03:00
  • Authoring application: FrameMaker 7.2 (via Acrobat Distiller 7.0 (Windows))
  • MD5: 88fb82f246af469b2cfc26c3ed5e8b22
  • SHA-1: 57a6fb50bcf2fe3b98b2d77a7a7cc7f71bdc51a9
  • SHA-256: 830d697cdf35d85c7a662baf806749c95e28c85e7afb154c0d586a54175101a7
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1190 Exploit Public-Facing Application

The PDF contains a large number of embedded URLs pointing to PDF files on the domain 'www.gorillawalker.com'. This is indicative of a link farm or a method to distribute additional malicious content disguised as legitimate documents. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the embedded links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.