Malicious PDF — malware analysis report

Static analysis result for SHA-256 5c1e3d99e096f090…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2018-11-26 08:30:51 +03:00
Authoring application: Microsoft® Office Word 2007
MD5: 33a6dd8b85777a79dfd62e739b31bcbd
SHA-1: 127f791023905d660ef1e7008e00e3267cc440e2
SHA-256: 5c1e3d99e096f090b8ca02e18e9d3ed6ce3908b9607c8f68e5faab0c850df51e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious, supporting this assessment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.