Malicious PDF — malware analysis report

Static analysis result for SHA-256 925d2c9b9038d4b4…

MALICIOUS

PDF

Size: 33.1 KB
Created: 2020-01-17 19:18:53 +03:00
Authoring application: ScanSnap Manager (via Acrobat Distiller 10.1.7 (Windows))
MD5: 46aa42d887767a1548213141fe2fb3df
SHA-1: 18a386794a8973645327c926c361c70773f4231c
SHA-256: 925d2c9b9038d4b445d617fc42a9189df7fd7e8f8be4d09d0f4d0ff71a56faf0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. These links, primarily pointing to PDF files on www.gorillawalker.com, suggest an attempt to manipulate search engine results or to distribute a large volume of content, potentially malicious. The document body itself is heavily obfuscated and does not provide clear textual clues about its intent.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.