Malicious PDF — malware analysis report

Static analysis result for SHA-256 a59bb389ceb09bbe…

MALICIOUS

PDF

Size: 35.2 KB
Created: 2019-12-14 05:49:01 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: b5d175859ac2b67b93f9192aee6f8f7f
SHA-1: 9dda68d92c84d87359811272fc771d39525efb42
SHA-256: a59bb389ceb09bbe23208ad324b694356011782654576da4c90b4485b10e5941
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded URLs point to various documents on the gorillawalker.com domain, suggesting a link farm or content distribution strategy. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8255

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.