Malicious PDF — malware analysis report

Static analysis result for SHA-256 0124805df3a5bc66…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2018-11-14 08:41:00 +03:00
Authoring application: XEP 4.4 build 20050610
MD5: 89c70b6a6bf815130b59b5ee999b37b7
SHA-1: 743c9148a9165cda5d5e290310d9e9e7600c7865
SHA-256: 0124805df3a5bc66ca8ca6f16f7373758bf1fc0cc9fa067694aeeaaeb6fdf51c
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.