Malicious PDF — malware analysis report

Static analysis result for SHA-256 6b4f9a858fd75aa4…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2019-02-13 02:15:46 +03:00
Authoring application: Word (via Mac OS X 10.8.5 Quartz PDFContext)
MD5: a8c69cb69d237b28fe0ed4cce7659b98
SHA-1: e76310a60dfe1766d0c5b25f387d53564148cbf2
SHA-256: 6b4f9a858fd75aa48a57b03071031dfca37d56b7ff7d5c982b6cc11987fbdee4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to direct users to a high volume of content on a single domain, potentially for malicious purposes.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.