Malicious PDF — malware analysis report

Static analysis result for SHA-256 52039be7a677ab2b…

MALICIOUS

PDF

Size: 41.4 KB
Created: 2018-12-28 08:08:53 +03:00
Authoring application: BookVirtual Digital Works (via BookVirtual Corp. Patents Pending.)
MD5: 9a14ebee1d9018b28c873afcf05f4c3e
SHA-1: 5d6ef3eea771978dc2599b7b8fe3f864a5950830
SHA-256: 52039be7a677ab2bc010debc01f4e921662f386c6ed90e40de4e110369137262
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this document as malicious. The primary attack pattern involves directing users to a vast collection of documents hosted on the gorillawalker.com domain, likely as a form of SEO poisoning or to distribute malicious content indirectly.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.