Malicious PDF — malware analysis report

Static analysis result for SHA-256 1da3993c8fc6b24e…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2018-12-15 08:10:57 +03:00
Authoring application: mPDF 6.0
MD5: 42f052f93eb9dc1133ccfff7d5f91bc1
SHA-1: 3cd5b01c2a12d4919b0720eba210ee7f3201c0da
SHA-256: 1da3993c8fc6b24e33a7ad28fbc6937090ac5e8de9e5436cde561ca0c8614df1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

A heuristic fired on the large number of external links embedded in the PDF, which point to PDF files on the domain 'gorillawalker.com'. This suggests a link farm or SEO manipulation tactic. The ML classifier also flagged the PDF as malicious. No scripts were extracted and the document body was unreadable, but the sheer volume of links to external PDFs indicates a non-standard and potentially malicious purpose.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.