Malicious PDF — malware analysis report

Static analysis result for SHA-256 405e2153d348d2e6…

MALICIOUS

PDF

  • Size: 46.7 KB
  • Created: 2019-03-19 19:21:03 +03:00
  • Authoring application: AutoCAD 2010 2010 (18.0s (LMS Tech)) (via pdfplot10.hdi 10.0.55.0)
  • MD5: 2577581c273ef2117b004123118d7acd
  • SHA-1: 85bb0d43ec7fcf8a71db229dba97f235a72d7de3
  • SHA-256: 405e2153d348d2e66566b72b6aecd55cdf451d211a9d094598eb494fe2107d0f
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to distribute potentially malicious content hosted on the 'gorillawalker.com' domain.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8518

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.