Malicious PDF — malware analysis report

Static analysis result for SHA-256 a36797ce68e05b32…

MALICIOUS

PDF

File size: 32.9 KB
Created: 2020-02-08 18:22:04 +03:00
Authoring application: Acrobat PDFMaker 5.0 for Word (via Acrobat Distiller 5.0 (Windows))
MD5: aa1dafb5c4407310620ab047ee85ff18
SHA-1: 78152bb8fd6de8a728d574f2a0bf07b8dc32f95b
SHA-256: a36797ce68e05b3255662c6b81a362b4a2223d05cb533a5808e32e8bced46e98
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links pointing to external PDF documents on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.