Malicious PDF — malware analysis report

Static analysis result for SHA-256 3a6ce5d03aca6a10…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2018-12-07 18:27:37 +03:00
Authoring application: - (via Haru Free PDF Library 2.1.0)
MD5: 3155d71f060dc3ff736f7349ad63838d
SHA-1: 2d20ba87a0d684ada47e422cac3748a8c67d3846
SHA-256: 3a6ce5d03aca6a102fa7830e6a7bcb434ec8733bb30fdc6776bd500a6fb6715d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a mass external PDF link farm, with 32 links pointing to the dominant host www.gorillawalker.com. The ML classifier also indicated a high probability of maliciousness. The document body appears to be obfuscated or corrupted, which prevented analysis of its content directly, but the embedded URLs strongly suggest malicious intent, likely related to SEO manipulation or the distribution of further malware.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.