Malicious PDF — malware analysis report

Static analysis result for SHA-256 94327141c505e1d3…

MALICIOUS

PDF

File size: 31.8 KB
Created: 2020-02-21 01:55:29 +03:00
Authoring application: mPDF 6.0
First seen: 2020-12-28
MD5: 6d05970b2b343b164f0cae6277fdcb83
SHA-1: e5a8f370cd873312f99f16be19ae333277a009ad
SHA-256: 94327141c505e1d3025692d651dd97059d5dbac1bcc6550937dee1282e2da241
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, suggesting a link farm or SEO poisoning tactic. The ML classifier also flagged this PDF as malicious. Although no scripts were extracted, the sheer volume of links and the heuristics that fired indicate an intent to direct users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.