Malicious PDF — malware analysis report

Static analysis result for SHA-256 4bc2eed881e8d535…

MALICIOUS

PDF

Size: 45.5 KB
Created: 2018-11-30 20:09:12 +03:00
Authoring application: Microsoft® Office Word 2007
MD5: 4089e7b824d828ba277620292e15c4f5
SHA-1: e9a67d8d4cc2475daf639c65b0cb6dfd055667df
SHA-256: 4bc2eed881e8d535ca16087d5fecab81baff0e47a7f873d9503be3aedabae964
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links pointing to external PDF documents, a technique often used for SEO poisoning or to distribute malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.