Malicious PDF — malware analysis report

Static analysis result for SHA-256 8ad49df98df02c6d…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2019-03-17 07:03:53 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 11.0 (Windows))
MD5: 049643998ec1bf6f88da829c8c849546
SHA-1: b65256874bf2c5f13d634c4ef01579f1aded90a6
SHA-256: 8ad49df98df02c6ddedf29fd44a881e15936a3efc7d55ac33e4bb37e3091ca2e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files hosted on 'gorillawalker.com'. This heuristic, combined with the ML classification, suggests malicious intent, likely related to SEO manipulation or a link farm designed to direct users to potentially harmful content. No scripts were extracted, and the document body contained obfuscated text and URLs.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8812)

Heuristics (2)

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.