Malicious PDF — malware analysis report

Static analysis result for SHA-256 e4c9e057811998f3…

MALICIOUS

PDF

Size: 33.7 KB
Created: 2020-01-17 19:18:58 +03:00
Authoring application: - (via XEP 4.4 build 20050610)
MD5: 5e2b68cee9c15f04cf83172d14f32fd0
SHA-1: 36265752a805647b281b05356a3ad3cb93de5dd5
SHA-256: e4c9e057811998f3759387f48979ab6a0835d0fbd878d76f0340e9a0695bd256
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a mass external PDF link farm, with 32 links pointing to various documents on 'gorillawalker.com'. An ML classifier also identified the PDF as malicious. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of outbound links suggests a traffic-driving or content-distribution scheme. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.