Malicious PDF — malware analysis report

Static analysis result for SHA-256 d1e3f30ea5c35881…

MALICIOUS

PDF

Size: 35.1 KB
Created: 2020-01-03 01:15:17 +03:00
Authoring application: Acrobat PDFMaker 7.0 for Word (via Acrobat Distiller 7.0 (Windows))
MD5: 9feba37d9fec81fad97744da468889e9
SHA-1: 7cdea5627635ce80f955587d3fca05252d81fc13
SHA-256: d1e3f30ea5c35881e6afa43d277e40e8f8b292a2219c65b02e5389ae37641f99
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a large number of external links, specifically links pointing to PDFs on the domain 'gorillawalker.com'. No malicious scripts were extracted, but the sheer volume of links suggests malicious intent, likely SEO manipulation or distribution of further malicious content. The ML classifier also indicated a malicious probability.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.5172

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.