Malicious PDF — malware analysis report

Static analysis result for SHA-256 a46244c4768818eb…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2019-03-17 09:09:56 +03:00
Authoring application: doPDF Ver 7.2 Build 376 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
First seen: 2021-06-28
MD5: a5696136e3e5808dda4ec084866ec7fb
SHA-1: 617193d3cb710a1ea5ecc30e6be1d84a7cce1a76
SHA-256: a46244c4768818eb58dc21e60ddb88e037a23b567b284f285dbd9dbbd86b0124
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A heuristic fired on the large number of external PDF links in this document, suggesting a link farm or SEO manipulation tactic. No explicit malicious script was found, but the embedded URLs point to a large collection of PDF files, indicating a potential distribution or redirection mechanism. The ML classifier also flagged the PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.