Malicious PDF — malware analysis report

Static analysis result for SHA-256 9b050e602ffaa466…

MALICIOUS

PDF

Size: 38.0 KB
Created: 2019-11-10 05:17:06 +03:00
Authoring application: Adobe Photoshop 5.0 (via Adobe Photoshop for Windows)
MD5: 36e0df7e2c42bced3096153fa8c61fcd
SHA-1: ae4f85456548d79498c24693fe3cc4531f6c4e8e
SHA-256: 9b050e602ffaa466e6e428df68738e81a04733bb8ce9928c359f78fd62c8b344
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain 'gorillawalker.com'. This behavior is indicative of a link farm or SEO manipulation tactic. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8218

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.