Malicious PDF — malware analysis report

Static analysis result for SHA-256 863f73b33c3c71e0…

MALICIOUS

PDF

Size: 33.6 KB
Created: 2019-12-14 07:14:55 +03:00
Authoring application: AH XSL Formatter V6.2 MR5 for Windows (x64) : 6.2.7.18952 (via Antenna House PDF Output Library 6.2.625 (Windows (x64)))
MD5: 4dce65de8812510742264fb8ecd60b25
SHA-1: e2ffa12ddcddf376bf37cf5bf61460f72a15b5bc
SHA-256: 863f73b33c3c71e025886aa3fef6d8c7d025912588a3e591db71fd23e04e303f
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This pattern indicates a link farm or a redirection scheme designed to drive traffic to numerous resources. The ML classifier also flagged this PDF as malicious, which supports treating the link farm as suspicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.