Malicious PDF — malware analysis report

Static analysis result for SHA-256 e32d6e526e0ff507…

MALICIOUS

PDF

Size: 35.3 KB
Created: 2019-12-13 16:41:08 +03:00
Authoring application: Adobe InDesign CS4 (6.0) (via Adobe PDF Library 9.0)
MD5: 0764871b607323db79186a0b36e3d7b7
SHA-1: 99712bd063beb836c0373b53fc5359611535bea3
SHA-256: e32d6e526e0ff507a58fecf6481c1c4119de811def21da3c74383b1701a36aba
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be directing users to a vast collection of URLs hosted on www.gorillawalker.com, likely for SEO manipulation or to serve as a landing page for further malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8018

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.