Malicious PDF — malware analysis report

Static analysis result for SHA-256 b3e7052ab80d5efd…

MALICIOUS

PDF

42.5 KB
Created: 2018-11-26 08:22:33 +03:00
Authoring application: - (via Acrobat Distiller 5.0 (Windows))
MD5: 18bacbb077c14afa6a4af8bdcb8d7d3d
SHA-1: 547048cfd7b28212871c6d4f7a1fd42f5366e13e
SHA-256: b3e7052ab80d5efdfef74548b8182d937a808e187f0f19d0370e0bb617257a45
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

A heuristic fired on the PDF file, indicating a link farm with 32 external PDF links. The ML classifier also flagged the document as malicious with a high probability. The embedded URLs point to various PDF documents on the domain www.gorillawalker.com, suggesting a lure to download more, potentially malicious, content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.