Malicious PDF — malware analysis report

Static analysis result for SHA-256 500caaf6f4c53438…

Verdict: MALICIOUS
File type: PDF
Size: 43.5 KB
Created: 2019-03-17 10:24:13 +03:00
Authoring application: Word 10.0 (via AFPL Ghostscript 8.13)
MD5: f6a59e1d34ca36ca6921712934f09d80
SHA-1: 301709bb63fb8c84ffeaa6851bfa7ef20dd46294
SHA-256: 500caaf6f4c53438d88297d2b6bc92c706a26860294f25ee6c994ccaf8d177ed
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, primarily hosted on www.gorillawalker.com. This behavior is indicative of a PDF SEO link farm, a technique often used to manipulate search engine rankings or to distribute malicious content. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific attack pattern beyond the link farm. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.