Malicious PDF — malware analysis report

Static analysis result for SHA-256 1a774dd3bee069c4…

MALICIOUS

PDF

File size: 34.7 KB
Created: 2019-12-09 23:06:32 +03:00
Authoring application: Microsoft Word: AdobePS 8.7.3 (301) (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: a2657a04cc7c65dbfe2ea44c1d6b4328
SHA-1: b9ed84b9eb4535a175ac67fad302a0e0ce600b86
SHA-256: 1a774dd3bee069c4ab1771933c8e476e1e7fd2557fb52a099673113063c145ec
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on www.gorillawalker.com, indicating a link farm designed to lure users into downloading potentially malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8018

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.