Malicious PDF — malware analysis report

Static analysis result for SHA-256 a5300a1717bc06e3…

MALICIOUS

PDF

Size: 32.0 KB
Created: 2020-01-17 19:20:36 +03:00
Authoring application: FrameMaker 12.0.2 (via Acrobat Distiller 11.0 (Windows))
MD5: 7c3e03822c847ff3ae13bb1ff2392eec
SHA-1: 5a0ba20ff35f9a899313040bf22aea1a1db3dc1d
SHA-256: a5300a1717bc06e341f7f4ff21e72c3980479944dcf4b1369d296e98ed552cc3
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a mass external PDF link farm, with 32 links pointing to URLs on gorillawalker.com. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links suggests a potential SEO poisoning or phishing attempt to drive traffic to malicious or compromised content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.