Malicious PDF — malware analysis report

Static analysis result for SHA-256 085e321adbab4025…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2018-12-11 20:05:28 +03:00
Authoring application: Microsoft Word (via Acrobat PDFWriter 4.05 for Windows NT)
MD5: dfd9fbf2fb3a631447eb963352a3a2f2
SHA-1: 71f002f6c1371f8a9f78ea248729b00345a700bc
SHA-256: 085e321adbab402597d0483c7ae245ec82dc4fc889cc91484c9b41ceea9727d2
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded links likely serve either to direct users to potentially malicious content or to manipulate search-engine rankings (SEO).

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.