Malicious PDF — malware analysis report

Static analysis result for SHA-256 1c3fd1e7d41f9b2b…

MALICIOUS

PDF

Size: 44.5 KB
Created: 2019-03-17 07:21:59 +03:00
Authoring application: - (via iText 2.1.0 (by lowagie.com))
MD5: 2ebfde82089de83a18c9ac7af9631a82
SHA-1: 0e6645ed0a55d4a94133a5656ffa67f523fedc98
SHA-256: 1c3fd1e7d41f9b2bf65c50313d18dbb50cf597aecfe7c8a66f0386733f1ae639
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, primarily hosted on www.gorillawalker.com. This technique is often used to inflate search engine rankings or to distribute malicious content indirectly. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.