Malicious PDF — malware analysis report

Static analysis result for SHA-256 e6ee3ea029afabaf…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-11-23 08:00:21 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows); modified using iText® 5.5.4 ©2000-2014 iText Group NV (AGPL-version))
MD5: c549777e60d9e631f9e3cd947fa4d052
SHA-1: b436dcfa2d0722844b9865096f58b628ce47c453
SHA-256: e6ee3ea029afabaf6f542c99bdc27cfec8a790d91ca542483f2789c0bc72e83b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm, likely for SEO manipulation or to distribute further malicious content, with the domain 'gorillawalker.com' being the main IOC.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.