Malicious PDF — malware analysis report

Static analysis result for SHA-256 92ec073ccfe2bc4a…

MALICIOUS

PDF

42.9 KB
Created: 2019-03-17 05:30:57 +03:00
Authoring application: Acrobat PDFMaker 9.1 for Word (via Adobe PDF Library 9.0)
MD5: e2ad2a09962b7b042da962d677cb0d82
SHA-1: d0edc960349ae06662851be3cc65e477ebe0c828
SHA-256: 92ec073ccfe2bc4a1cc52f06ce388c1f1c1e987cc9feeb963327fc322e4ba173
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

A machine learning classifier flagged the PDF file as malicious. Static analysis revealed a large number of embedded URLs pointing to PDF files on the domain www.gorillawalker.com. This indicates a link farm or a distribution mechanism for potentially malicious content that leverages SEO tactics. No scripts were extracted and the document body was unreadable, but the sheer volume of links suggests malicious intent to redirect users.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.