Malicious PDF — malware analysis report

Static analysis result for SHA-256 a67f68f7e738a6e8…

MALICIOUS

PDF

34.3 KB
Created: 2020-01-17 19:19:22 +03:00
Authoring application: - (via Acrobat Distiller 5.0.1 for Macintosh)
MD5: fbfe5ea3bc7a5fe7e0f5ffd35fd68eb4
SHA-1: 653ec668d3f1cf28c52b267854d93cdefbcc83f6
SHA-256: a67f68f7e738a6e8b7d9877ebc63ba914834f549d756f19ffaafbfad5f3f93e8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links, primarily pointing to PDFs hosted on www.gorillawalker.com. This suggests a link farm or SEO manipulation tactic. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of linked PDFs indicates a malicious intent to direct users to potentially harmful content or to manipulate search engine rankings.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.