Malicious PDF — malware analysis report

Static analysis result for SHA-256 254cce7100f0aaf0…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2019-09-18 16:21:58 +03:00
Authoring application: Microsoft® Word 2010 (via Acrobat Distiller 11.0 (Windows))
MD5: 0a6ebb1329247b1a593182d746f923db
SHA-1: a345233da40f58d7853fcb3834d487fc478e9128
SHA-256: 254cce7100f0aaf03be9a43324887787c3c2dfa5e7d37a0387465fb49a6311f4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF file was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links to other PDF files hosted on 'gorillawalker.com'. This suggests a link farm or SEO manipulation tactic. The embedded URLs are the primary indicators of malicious activity, directing users to a domain that hosts numerous PDF documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.