Malicious PDF — malware analysis report

Static analysis result for SHA-256 200a6568e22d736b…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2018-11-14 08:21:12 +03:00
Authoring application: Microsoft® Word 2010 (via Acrobat Distiller 11.0 (Windows))
MD5: 97ba74287146add0370acdf9b1ba739f
SHA-1: 8ab1b8b4acacede7de6db93b3f23b0e4b5ec3214
SHA-256: 200a6568e22d736b139570b60f13e57f3a3779fae2ef3c825c84552f6d0734b2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was truncated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8242

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.