Malicious PDF — malware analysis report

Static analysis result for SHA-256 37c0d0404c8c9c57…

MALICIOUS

PDF

Size: 39.5 KB
Created: 2018-11-14 08:17:29 +03:00
Authoring application: Acrobat PDFMaker 5.0 for Word (via Acrobat Distiller 5.0 (Windows))
MD5: 4da833c312b1cb9985947001465780ef
SHA-1: 1a58c310e9badad34d35b99c34c11032bbc5da8e
SHA-256: 37c0d0404c8c9c5797224d8d797186294708ff17a5e255251df92cb775b73907
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a mass external link farm, with 32 links pointing to various PDF documents on gorillawalker.com. The ML classifier also assigned a high probability of maliciousness. This suggests the document's primary purpose is to act as a lure, potentially distributing further malware or leading users to phishing sites through the embedded URLs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.