Malicious PDF — malware analysis report

Static analysis result for SHA-256 e0e3897be340bd0d…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2018-11-30 20:33:49 +03:00
Authoring application: AutoCAD 2010 2010 (18.0s (LMS Tech)) (via pdfplot10.hdi 10.0.55.0)
MD5: 019f97c28b0942b10f002844e8f59f28
SHA-1: 9682aed2f6c550fca337a07a9b42955293c4d7f6
SHA-256: e0e3897be340bd0d8f07d3fc20a807e100856c20437df559ec2a4c3a13a408d8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links, which matches the PDF_SEO_LINK_FARM heuristic. The document body contains numerous URLs pointing to PDF files hosted on www.gorillawalker.com. This suggests a campaign focused on SEO manipulation or on distributing further content via these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8242

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.