Malicious PDF — malware analysis report

Static analysis result for SHA-256 e3e7bc04899281d0…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2019-01-06 08:12:59 +03:00
Authoring application: - (via htmldoc 1.8.27 Copyright 1997-2006 Easy Software Products, All Rights Reserved.)
MD5: a757be3c305e2f6ab25e4f079dcf58eb
SHA-1: f5fab14a1c5d23e2e56482e294681f97350e024e
SHA-256: e3e7bc04899281d01d9b6c495694012e674a307e2ae2fc12df09fc766ca6fdd7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF triggered a heuristic for a large link farm pointing to external PDF documents, and the ML classifier also flagged the document as malicious. The embedded URLs, all hosted on 'gorillawalker.com', suggest a coordinated effort to distribute content or manipulate search engine results. No scripts were extracted, and the document body was heavily obfuscated, which limited further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.