Malicious PDF — malware analysis report

Static analysis result for SHA-256 720204e8ac65446d…

MALICIOUS

PDF

42.0 KB
Created: 2018-11-15 18:32:04 +03:00
Authoring application: Word (via Mac OS X 10.8.5 Quartz PDFContext)
MD5: d30b1ec0871d77d46984f2c69c9fad46
SHA-1: fe2b473e765f4c9f3e9fb85408c22f96b16b6d9a
SHA-256: 720204e8ac65446dc1348ef1768d19542cd864841a3abb02051192b29cc5e87f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, suggesting a link farm or SEO poisoning attempt. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a large collection of documents hosted on www.gorillawalker.com, likely to manipulate search engine rankings or distribute content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.