Malicious PDF — malware analysis report

Static analysis result for SHA-256 9bcd7437f30d6b30…

MALICIOUS

PDF

Size: 35.3 KB
Created: 2019-12-13 23:50:56 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5) (via Adobe PDF Library 9.9)
MD5: c96ed19bf686530e083e1005240e510e
SHA-1: 64a428315cfb652e74bbc86ef2fa3aa39088b3c2
SHA-256: 9bcd7437f30d6b3066db412f8fb27633efd4aae26491f376ac657c0815f3cec5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs point to various PDF documents hosted on gorillawalker.com, suggesting a link farm or SEO manipulation tactic. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8018

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.