Malicious PDF — malware analysis report

Static analysis result for SHA-256 d7371e3929c2e1e1…

Verdict: MALICIOUS
File type: PDF
Size: 32.4 KB
Created: 2019-12-13 02:09:04 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via iText 2.1.7 by 1T3XT)
MD5: c7fdb14cd4f0ffc63622d8c47c89aef1
SHA-1: 4f01af62f0e177c3d1be6361864ee377048bb12f
SHA-256: d7371e3929c2e1e19800e77b56008e41bd88d98653b6b6edeb2f13f499b5ce26
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to drive traffic to a large collection of documents hosted on www.gorillawalker.com, likely for SEO manipulation or to host malicious content disguised as legitimate files.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/dan-sater-s-ultimate-mediterranean-home-plans-collection.pdf
    • http://www.gorillawalker.com/odd-man-in.pdf
    • http://www.gorillawalker.com/renouncing-the-world-yet-leading-the-church-the-monk-bishop.pdf
    • http://www.gorillawalker.com/excavation-and-grading-code-administration-inspection-and-enforcement.pdf
    • http://www.gorillawalker.com/the-models.pdf
    • http://www.gorillawalker.com/ready-set-potty-toilet-training-for-children-with-autism-and.pdf
    • http://www.gorillawalker.com/the-history-of-cartography-byharley.pdf
    • http://www.gorillawalker.com/dvd-for-fifty-strategies-for-teaching-english-language-learners.pdf
    • http://www.gorillawalker.com/electronic-music-systems-techniques-and-controls.pdf
    • http://www.gorillawalker.com/rand-mcnally-broward-county-streetfinder.pdf
    • http://www.gorillawalker.com/los-cuerpos-del-deseo-cuentos-er-ticos-spanish-edition.pdf
    • http://www.gorillawalker.com/willy-reilly-the-works-of-william-carleton-volume-one.pdf
    • http://www.gorillawalker.com/scarne-s-encyclopaedia-of-card-games-perennial-library-reprint-edition.pdf
    • http://www.gorillawalker.com/alaska-s-kenai-peninsula-a-traveler-s-guide.pdf
    • http://www.gorillawalker.com/first-aid-in-the-workplace-2nd-edition.pdf
    • http://www.gorillawalker.com/developments-in-rubber-technology4-volume-4.pdf
    • http://www.gorillawalker.com/salsas-picantes-para-valientes-food-heroes-spanish-edition.pdf
    • http://www.gorillawalker.com/beginning-directx-11-game-programming-kindle-edition.pdf
    • http://www.gorillawalker.com/cal-96-baseball.pdf
    • http://www.gorillawalker.com/managing-depression-with-cbt-for-dummies.pdf
    • http://www.gorillawalker.com/consolidated-ontario-education-statutes-and-regulation-2007.pdf
    • http://www.gorillawalker.com/the-gymnastics-history-of-8-thousand-90-years-1-version.pdf
    • http://www.gorillawalker.com/renaissance-mad-voyages-experiments-in-early-modern-english-travel-cultures.pdf
    • http://www.gorillawalker.com/handbook-of-energy-engineering-seventh-edition.pdf
    • http://www.gorillawalker.com/a-native-s-guide-to-chicago-s-south-suburbs.pdf
    • http://www.gorillawalker.com/the-agrarian-history-of-england-and-wales-part-2.pdf
    • http://www.gorillawalker.com/cabin-fever-diary-of-a-wimpy-kid.pdf
    • http://www.gorillawalker.com/things-to-do-in-amsterdam-museums-rijksmuseum-amsterdam-guide-van.pdf
    • http://www.gorillawalker.com/lectures-on-symplectic-geometry-lecture-notes-in-mathematics.pdf
    • http://www.gorillawalker.com/la-costola-di-adamo-eden-italian-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/juliana-s-bananas-where-do-your-bananas-come-from-is.pdf
    • http://www.gorillawalker.com/communication-revolution-critical-junctures-and-the-future-of-media.pdf
    • http://www.gorillawalker.com/sorrento-capri-amalfi-coast-footprint-focus.pdf
    • http://www.gorillawalker.com/terrorism-and-the-foreigner-a-decade-of-tension-around-the.pdf
    • http://www.gorillawalker.com/dual-languages-development-and-disorders-a-handbook-on-bilingualism-and.pdf
    • http://www.gorillawalker.com/chilton-s-chassis-electronics-service-manual-no-8152-motor-age.pdf
    • http://www.gorillawalker.com/tiny-tall-tales-from-corners-of-england-kindle-edition.pdf
    • http://www.gorillawalker.com/mcclellan-sherman-and-grant.pdf
    • http://www.gorillawalker.com/inside-out-british-columbia.pdf
    • http://www.gorillawalker.com/vargulf-special-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/scarne-s-encyclopaedia-of-card-games-perenn
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
    The last nine entries are XMP/RDF namespace identifiers (RDF, Dublin Core, XMP, XMP Media Management and the PDF/A extension schemas) that live in the document's metadata stream, not clickable link annotations. They are standard in PDF/A-style output and are not indicators on their own; only the www.gorillawalker.com link annotations feed the link-farm verdict.
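To make the two heuristics above concrete, the following added example (written for this page, not the scanner's own code) re-implements the EMBEDDED_URL channel split and the PDF_SEO_LINK_FARM check over a constructed, uncompressed test PDF. It separates URLs reached through clickable /URI link annotations from URLs that merely appear in the XMP metadata stream (which is where the namespace identifiers above come from), then fires the link-farm verdict when a small file carries many external .pdf links concentrated on one host. The host www.example-farm.test, the size/count/share thresholds, and the sample-PDF builder are assumptions for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.S)
LINK_RE = re.compile(rb"/Subtype\s*/Link")
URI_ACTION_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
META_RE = re.compile(rb"/Type\s*/Metadata")
URL_RE = re.compile(rb"https?://[^\s\"'<>)]+")


def build_sample_pdf(n_farm_links, host="www.example-farm.test"):
    """Constructed test input (not the analysed file): a minimal uncompressed
    PDF whose single page carries n_farm_links clickable /URI link annotations
    to .pdf paths on one assumed host, one off-host HTML link, and an XMP
    metadata stream holding an RDF namespace URI.  No xref table is written;
    that is enough for byte-level scanning but not for a viewer."""
    objs, annots, next_id = [], [], 4
    for i in range(n_farm_links):
        objs.append((next_id, b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                              b"/A << /S /URI /URI (http://%s/book-%d.pdf) >> >>"
                              % (host.encode(), i)))
        annots.append(next_id)
        next_id += 1
    objs.append((next_id, b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                          b"/A << /S /URI /URI (https://other.test/index.html) >> >>"))
    annots.append(next_id)
    next_id += 1
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"/></x:xmpmeta>')
    meta_id = next_id
    objs.append((meta_id, b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n%s\nendstream"
                          % (len(xmp), xmp)))
    kids = b" ".join(b"%d 0 R" % i for i in annots)
    head = [(1, b"<< /Type /Catalog /Pages 2 0 R /Metadata %d 0 R >>" % meta_id),
            (2, b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>"),
            (3, b"<< /Type /Page /Parent 2 0 R /Annots [%s] >>" % kids)]
    out = [b"%PDF-1.4"]
    for num, body in head + objs:
        out.append(b"%d 0 obj\n%s\nendobj" % (num, body))
    out.append(b"trailer << /Root 1 0 R >>\n%%EOF")
    return b"\n".join(out)


def extract_urls(pdf):
    """Return (channel, url) pairs.  'link_annotation' = a clickable /URI action
    on a /Link annotation; 'xmp_metadata' = a URL found inside the XMP metadata
    stream (namespace identifiers land here, not in the link channel).
    Scans raw uncompressed objects only: FlateDecode object streams and
    hex-encoded strings must be decoded first (e.g. with pdf-parser or pikepdf)."""
    found = []
    for obj in OBJ_RE.finditer(pdf):
        body = obj.group(1)
        if LINK_RE.search(body):
            m = URI_ACTION_RE.search(body)
            if m:
                found.append(("link_annotation", m.group(1).decode("latin-1")))
        elif META_RE.search(body):
            for u in URL_RE.findall(body):
                found.append(("xmp_metadata", u.decode("latin-1")))
    return found


def link_farm_score(pdf, size_limit=200_000, min_links=20, min_share=0.8):
    """Re-implementation of the PDF_SEO_LINK_FARM idea: a small file with many
    clickable links to external .pdf paths, mostly on one host.  The three
    thresholds are assumed illustrative values, not the scanner's own."""
    links = [u for ch, u in extract_urls(pdf) if ch == "link_annotation"]
    pdf_links = [u for u in links if urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).netloc.lower() for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(pdf_links) if pdf_links else 0.0
    fired = len(pdf) <= size_limit and len(pdf_links) >= min_links and share >= min_share
    return {"size_bytes": len(pdf), "clickable_links": len(links),
            "external_pdf_links": len(pdf_links), "top_host": top_host,
            "top_host_share": round(share, 3), "PDF_SEO_LINK_FARM": fired}


if __name__ == "__main__":
    for n in (3, 40):
        print(n, link_farm_score(build_sample_pdf(n)))
```

Running the script scores two constructed files: a three-link document does not trip the heuristic, while a forty-link document to one host does, and in both cases the RDF namespace URI is reported under the xmp_metadata channel rather than as a clickable link. On a real sample, decompress object streams first; a regex over raw bytes only sees what is stored in plain text.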