Malicious PDF — malware analysis report

Static analysis result for SHA-256 fc49b6057b9d7e04…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2020-02-20 04:52:42 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5) (via Adobe PDF Library 9.9)
MD5: 581280e4f0d26477915431f06458ff06
SHA-1: 388b02ee823f30c3a61e5abc72567bcc811d8569
SHA-256: fc49b6057b9d7e04bd104a92d87e12d16070d5f36c3770822b1b31ccf63a484f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.