Malicious PDF — malware analysis report

Static analysis result for SHA-256 10c5b1d506484af8…

MALICIOUS

PDF

Size: 45.1 KB
Created: 2018-12-15 20:04:21 +03:00
Authoring application: Microsoft® Office Word 2007
MD5: d85b95c1ea2ac8570b957b3e55e09186
SHA-1: 3983b6353698db61884cd7f40d4e6cc8d0db1447
SHA-256: 10c5b1d506484af8e0dc91ff1cd3eba605a393b1d064c5d510fb3ba10288593c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a vast collection of links, likely for SEO spam or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.