Malicious PDF — malware analysis report

Static analysis result for SHA-256 860c874a44f1a7a5…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2019-03-17 01:39:20 +03:00
Authoring application: Adobe Acrobat Pro 11.0.0
MD5: 218967d93ed4c2c600f1065543d8a4ab
SHA-1: b494137745e6ae4d8020c7fe19bd27269095df18
SHA-256: 860c874a44f1a7a53bec77c26cb28fa5e127081d9f6ca863a605d21b9cbcd4c2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by an ML classifier as malicious. The primary heuristic indicates a 'PDF_SEO_LINK_FARM' with 32 external links, predominantly hosted on www.gorillawalker.com. While no scripts were extracted, the sheer volume of embedded links suggests a campaign to distribute further malicious content or manipulate search engine results. The document body contained obfuscated text and embedded URLs, reinforcing the malicious nature.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.