Malicious PDF — malware analysis report

Static analysis result for SHA-256 3e8d624bf66f2485…

Verdict: MALICIOUS
File type: PDF
Size: 45.0 KB
Created: 2018-12-15 08:53:30 +03:00
Authoring application: Adobe PageMaker 6.52 (via Acrobat Distiller 3.01 for Windows)
MD5: c72c4809b03e9168259c095769c7e752
SHA-1: 756a1a1e9245529125c720a570604842bb6e28f0
SHA-256: 3e8d624bf66f2485f1fed1990cc2948fb72b51094fdadf76548e268756dddab2
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large farm of external links, indicating a likely SEO manipulation or redirection scheme. The heuristic 'PDF_SEO_LINK_FARM' specifically identifies the presence of 32 external PDF links, predominantly hosted on 'www.gorillawalker.com'. While no scripts were extracted, the sheer volume and nature of the embedded URLs suggest a malicious intent to drive traffic or potentially distribute further payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.