Malicious PDF — malware analysis report

Static analysis result for SHA-256 f4364ea72b0ba9f1…

MALICIOUS

PDF

Size: 36.5 KB
Created: 2020-03-13 01:08:43 +03:00
Authoring application: Adobe Acrobat 6.0 (via Adobe Acrobat 6.0 Paper Capture Plug-in)
MD5: f464575ac359edcd1313ee6ba891c363
SHA-1: a6e0ed2132672c978d5f471e01688e216fb76aad
SHA-256: f4364ea72b0ba9f10979741e9d20d6421e7fed1eb64fc4ae9d4f7dcb0eb6e827
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO manipulation tactic. While no scripts were extracted, the sheer volume of links to other PDFs hosted on www.gorillawalker.com indicates a potential distribution or redirection mechanism. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8218

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.