Malicious PDF — malware analysis report

Static analysis result for SHA-256 3e9cf953b39c2ff5…

MALICIOUS

PDF

Size: 46.6 KB
Created: 2018-11-15 18:32:44 +03:00
Authoring application: - (via Acrobat Distiller 5.0.1 for Macintosh)
MD5: e22b118353177220168d319c3606b8f7
SHA-1: 4818cbfde1da0e8d6fe324a11db9b87681515e77
SHA-256: 3e9cf953b39c2ff58d22bfd598a099ab1c174dd12fed1b6ae4ea612fd4505691
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files hosted on gorillawalker.com. This heuristic, PDF_SEO_LINK_FARM, indicates a potential attempt to manipulate search engine results or distribute content through a link farm. While no scripts were extracted, the sheer volume of links suggests malicious intent: redirecting users to potentially harmful content or engaging in SEO abuse.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.