Malicious PDF — malware analysis report

Static analysis result for SHA-256 b16fbc757bd9eeff…

MALICIOUS

PDF

32.0 KB
Created: 2020-02-08 21:01:13 +03:00
Authoring application: doPDF Ver 7.1 Build 349 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: a5b016fbc919a365402a80a6025cda82
SHA-1: 03df3b8975f0debd15da979dc9fea95d54913276
SHA-256: b16fbc757bd9eeffbe1d5978bb25a1f8b1d0f502ca175068fdb8128b1ff35c8f
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8405

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.