Malicious PDF — malware analysis report

Static analysis result for SHA-256 7ad02cc0ee83e735…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2018-12-14 20:47:09 +03:00
Authoring application: - (via OpenOffice.org 2.2)
MD5: fae43b741da734037c653cd677bfd54a
SHA-1: f3ca468589f70f81ff2b333fd0314898067b7d6f
SHA-256: 7ad02cc0ee83e735d4beb478dd2619d77061f2db2b0ea6dfe7069ac715c6aab4
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm or a lure to a large collection of potentially malicious or unwanted content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.