Malicious PDF — malware analysis report

Static analysis result for SHA-256 ee20101b88c5b352…

MALICIOUS

PDF

Size: 34.9 KB
Created: 2019-12-13 19:21:23 +03:00
Authoring application: -
MD5: 29d8d50d50d03c21d250657757c01aa1
SHA-1: 315d1435dd385d5fc2d96e01641c606872f649d3
SHA-256: ee20101b88c5b352233981166e92d882129aadba8c12b81dafea1618619e4143
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the PDF as malicious. The primary purpose appears to be directing users to a vast collection of external PDF files hosted on gorillawalker.com, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8255

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.