Malicious PDF — malware analysis report

Static analysis result for SHA-256 8e51069eaa69a0d1…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2019-12-14 07:56:09 +03:00
Authoring application: Adobe Illustrator CS3 (via Adobe PDF library 8.00)
MD5: 45f54d8bac2ff01e5ca88707f12869c2
SHA-1: 4313e61e899d40e5440c4406bc55099c2ad47a1e
SHA-256: 8e51069eaa69a0d10f8066bd5de05868ae7bed683217801abdd2241752ab73cd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.