Malicious PDF — malware analysis report

Static analysis result for SHA-256 0d2168ee7edb6ba2…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2019-03-17 07:49:39 +03:00
Authoring application: -
MD5: 636744d2ea07eefcbaf1fad4856d27da
SHA-1: c962c174d159e0fdaff4f3783388300bba03e11a
SHA-256: 0d2168ee7edb6ba2c0715c4924ecca237a9e999db7f15d29970ed55a6249fddb
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain gorillawalker.com. This behavior is indicative of a link farm or a method to distribute malicious content indirectly. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the embedded links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.