Malicious PDF — malware analysis report

Static analysis result for SHA-256 d74efd8f2f082cea…

MALICIOUS

PDF

Size: 42.0 KB
Created: 2019-04-28 08:17:16 +03:00
Authoring application: Adobe PageMaker 6.52 (via Acrobat Distiller 3.01 for Windows)
MD5: 33366ff6e05035b57342e3b8f4022d59
SHA-1: b8c291e4ffe08b9dc7be609781436d73f80ce66d
SHA-256: d74efd8f2f082ceae8da92f60bd1b3f32d79acb11568014984d931fe2e6acd07
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, indicating a potential SEO manipulation or redirection scheme. The document body contains numerous URLs pointing to PDFs hosted on 'gorillawalker.com', suggesting a link farm or a method to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.