Malicious PDF — malware analysis report

Static analysis result for SHA-256 014220aa8277f376…

MALICIOUS

PDF

Size: 43.4 KB
Created: 2018-12-15 20:07:41 +03:00
Authoring application: Microsoft Word 8.0 (via Acrobat Distiller 4.0 for Windows)
MD5: 6a96d21458dce95496a7710c489a1676
SHA-1: 78408538d2f29052999d6a55c0057cf259df4cc6
SHA-256: 014220aa8277f3768bc413048e10aaf567023e078d4a6ad642c1d71978e3d8c8
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be distributing a link farm, potentially for SEO manipulation or to serve as a distribution point for other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.