Malicious PDF — malware analysis report

Static analysis result for SHA-256 a8e19bf4d99d9f5f…

MALICIOUS

PDF

Size: 32.5 KB
Created: 2019-12-14 00:22:51 +03:00
Authoring application: Adobe InDesign CS3 (5.0) (via Adobe PDF Library 8.0)
MD5: c83fe0f5ccb3b118067f0873c976410c
SHA-1: 61a97ce72e9bfb5dcb2136bfbda4b91a07771230
SHA-256: a8e19bf4d99d9f5f3c86ac48d80328194f615a310bbe16ebe9c6a8d2ab7dc500
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded external links, as detected by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents on the domain www.gorillawalker.com. The ML_NYX_PDF_MALICIOUS heuristic also flagged the file with high confidence. The purpose appears to be to direct users to a large collection of external resources, potentially for SEO manipulation or to host malicious content disguised as legitimate documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.