Malicious PDF — malware analysis report

Static analysis result for SHA-256 73e0e4e7c2c9a128…

MALICIOUS

PDF

Size: 34.4 KB
Created: 2019-09-08 11:51:00 +03:00
Authoring application: Writer (via OpenOffice.org 2.4)
MD5: 28bff0036b867670731907d822a5b590
SHA-1: 3ff4db6754f35eed2977d39799369e5b93396b0d
SHA-256: 73e0e4e7c2c9a128f0da0edeb0289d378f2f581f31d7cd731b24a05e4bddd7b8
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be SEO manipulation or potentially distributing further malicious content through these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.