Malicious PDF — malware analysis report

Static analysis result for SHA-256 044aafa357ff8d9d…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2019-04-11 12:44:02 +03:00
Authoring application: Word (via Acrobat PDFMaker 15 for Word)
MD5: 9c037f301c9042086985ab65717d85f6
SHA-1: 58e62e92a397fc10c68136efc8bf6fe3575d7e36
SHA-256: 044aafa357ff8d9dcc98e180a01fec155221f22d67cbd2b82a6bc4e3d06a7738
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample is a PDF document containing a large number of embedded links to external PDF files hosted on gorillawalker.com. This behavior is indicative of a link farm or SEO manipulation tactic, which can be used to distribute malicious content or engage in phishing. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.