Malicious PDF — malware analysis report

Static analysis result for SHA-256 34cbfeca03a293b7…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-11-14 11:22:02 +03:00
Authoring application: dvips 5.72 Copyright 1997 Radical Eye Software (www.radicaleye.com) (via Acrobat Distiller 5.0.5 (Windows))
MD5: 9fef02d40585a2c958249c94df9a99fd
SHA-1: 5e5d800833ba3c9f610fe69aaf96b0d4cb6ad8b2
SHA-256: 34cbfeca03a293b7258c7248f4f1b6edcd06fb1c6e0a64ccd9386fc6604a09c5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier as malicious and contains a large number of external links to other PDF documents hosted on www.gorillawalker.com. This suggests a link farm or SEO poisoning attack. The embedded URLs are likely used to distribute further malicious content or to redirect users to phishing sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.