Malicious PDF — malware analysis report

Static analysis result for SHA-256 08d21d8de7c2551b…

MALICIOUS

PDF

Size: 47.4 KB
Created: 2018-11-30 20:56:25 +03:00
Authoring application: Data Dynamics ActiveReports (tm) for .NET
MD5: d5e7cd7d270287ca80b2cfe373ef833b
SHA-1: 375661ea63da728c8bc30f3e9a809957b860f993
SHA-256: 08d21d8de7c2551bf5223da9749d02236491ba97aaba2c22c9c2bf634640c1e9
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A heuristic fired on this PDF, indicating a link farm of external PDF documents; the first URL is http://www.gorillawalker.com/gut-reaction-eating-plan.pdf. This suggests the document's primary purpose is to direct users to a large collection of other PDFs, likely for SEO manipulation or to serve as a distribution point for further malicious content. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.