Malicious PDF — malware analysis report

Static analysis result for SHA-256 94f039d66b22c2a9…

Verdict: MALICIOUS

File type: PDF

  • Size: 33.0 KB
  • Created: 2020-03-12 17:17:39 +03:00
  • Authoring application: Adobe InDesign CS5.5 (7.5) (via Adobe PDF Library 9.9)
  • MD5: 8ee2cb427d9ca45fd792e25b8a3bc6b2
  • SHA-1: 3ddfe9f8c2f350284118dd86c1a7335fd17b928b
  • SHA-256: 94f039d66b22c2a9a6398217f552a581feda22d969f7d7ce356c9e4f7e75f015

Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links to PDF files hosted on gorillawalker.com. This behavior is indicative of a link farm, likely intended for SEO manipulation or to serve as a distribution point for further malicious content. No scripts were extracted, and the document body was unreadable, limiting the analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8157

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.