Malicious PDF — malware analysis report

Static analysis result for SHA-256 362b36956600c79e…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2018-11-26 20:03:18 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 7.0 (Windows))
MD5: dcae17785318c79e4993bb1a5a363703
SHA-1: 837e01572ec7305c30f2b459779169d332e3a4f0
SHA-256: 362b36956600c79e4d78da23a66a783640711599610773ce44039172be405808
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm, likely intended for SEO manipulation or to redirect users to potentially malicious content hosted at the numerous gorillawalker.com URLs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.