Malicious PDF — malware analysis report

Static analysis result for SHA-256 993e71896650e714…

MALICIOUS

PDF

Size: 45.5 KB
Created: 2019-04-03 18:54:34 +03:00
Authoring application: Adobe Acrobat 6.0 (via Adobe Acrobat 6.0 Paper Capture Plug-in)
First seen: 2021-06-28
MD5: da41eb29b51eed2ac3ff188252d72c23
SHA-1: 076f245171481481db11f39b4eb4c3300a96064f
SHA-256: 993e71896650e714905438082917f05a9dc94232867865fc45235e201dd10789
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A heuristic fired on this PDF, indicating a link farm: it contains 32 external PDF links, primarily hosted on www.gorillawalker.com. This suggests an attempt to manipulate search engine results or to distribute further malicious content. No scripts were extracted, but the sheer volume of links points to malicious intent, likely SEO manipulation or a phishing lure. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8974

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.