Malicious PDF — malware analysis report

Static analysis result for SHA-256 4c3808daadc6493b…

MALICIOUS

PDF

Size: 45.7 KB
Created: 2019-04-30 15:58:12 +03:00
Authoring application: Microsoft® Office Word 2007
MD5: b0be3bcf2cd9ac85bc7f9095773413a9
SHA-1: d37688fdcfc13be38c8840fcf4d17c737fe0fab7
SHA-256: 4c3808daadc6493bfa41b706e7a4a0c0249de0a0acfb98ad6ca80c02968abe58
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The document body is heavily obfuscated but contains references to these URLs, suggesting a lure to external content. The primary attack pattern appears to be a link farm designed to manipulate search engine results or direct users to potentially malicious content hosted on the linked domains.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.