Malicious PDF — malware analysis report

Static analysis result for SHA-256 0ec58d5182903773…

MALICIOUS

PDF

Size: 42.3 KB
Created: 2018-12-15 08:33:17 +03:00
Authoring application: Word (via Mac OS X 10.7.5 Quartz PDFContext)
First seen: 2019-01-20
MD5: b2cfe005e0549c13382369aebf8a2db7
SHA-1: 1233b19db61502f2ec05414672868450aa0691a9
SHA-256: 0ec58d5182903773491662a65ce59ac1c0d3c4ea13eb4d0c6ad33f2909ead7b1
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. The embedded URLs suggest an attempt to manipulate search engine results or distribute additional malicious content through a link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.