Malicious PDF — malware analysis report

Static analysis result for SHA-256 36d5f3f5a47c839d…

MALICIOUS

PDF

Size: 31.7 KB
Created: 2020-01-17 19:19:30 +03:00
Authoring application: - (via htmldoc 1.8.27 Copyright 1997-2006 Easy Software Products, All Rights Reserved.)
MD5: b8dc1a6f1323ff54c0b7f31725124df3
SHA-1: 908dd8e84fbfc266cfacd0292dc9ceebb5cd8490
SHA-256: 36d5f3f5a47c839d69135f08d7227379691030f457e0718fb9057abc898353ba
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to distribute potentially malicious content hosted on gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.