Malicious PDF — malware analysis report

Static analysis result for SHA-256 0d20aae90fac0107…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2018-11-14 20:02:50 +03:00
Authoring application: - (via Haru Free PDF Library 2.1.0)
MD5: f3ccf495f795f2f0aebf39676ecf1b4b
SHA-1: 8ebdc44efb20d40c032cf15032c2f7336a822ebe
SHA-256: 0d20aae90fac01074fa9c1533b70bea84cf31e26bd36750231366d528fc4ef3c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample is a PDF document that contains a large number of embedded links to external PDF files hosted on 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.