Malicious PDF — malware analysis report

Static analysis result for SHA-256 ad3b488d1353d08f…

MALICIOUS

PDF

Size: 45.8 KB
Created: 2018-11-30 20:08:33 +03:00
Authoring application: dvips 5.72 Copyright 1997 Radical Eye Software (www.radicaleye.com) (via Acrobat Distiller 5.0.5 (Windows))
MD5: 0bd5f46ab2662a87c8c14b1b537d3b61
SHA-1: af19a6b8938441234825570eda4230c99ea759ad
SHA-256: ad3b488d1353d08fbea6e6b4a6c4dc7f70015bb5659a0173a459b86ade1f4822
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be directing users to a vast collection of PDFs hosted on www.gorillawalker.com, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.