Malicious PDF — malware analysis report

Static analysis result for SHA-256 7882903664417226…

MALICIOUS

PDF

Size: 46.9 KB
Created: 2018-11-15 18:31:55 +03:00
Authoring application: Word (via Mac OS X 10.8.5 Quartz PDFContext)
MD5: b5859dcde742e0994e777d31a946306c
SHA-1: 5ed504ad431b302ae8c7726322ac7dbce89ce57e
SHA-256: 78829036644172269ef0b9d04d22c530a8847b0c83a8750bd75ea4f6534f8d33
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on gorillawalker.com, suggesting a link farm or SEO manipulation tactic. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8518

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.