Malicious PDF — malware analysis report

Static analysis result for SHA-256 3b0ed3ea7b3e00e5…

MALICIOUS

PDF

39.0 KB
Created: 2018-12-15 08:31:57 +03:00
Authoring application: TeX (via pdfTeX-1.40.16)
MD5: d8343cad9e43d939b4bc6099a8e51678
SHA-1: 159d57c45683a016fe145f778170194e8f03e0a1
SHA-256: 3b0ed3ea7b3e00e51f095f7f987970fe8e31acf9b7fa5181d160a382fd4a76b5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and also triggered a heuristic for a PDF SEO link farm, indicating a high likelihood of malicious intent. The document body is heavily obfuscated, but the embedded URLs point to a large collection of PDF files on the domain 'gorillawalker.com'. This suggests the primary purpose is to distribute malicious content or manipulate search engine results.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8702

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.