Malicious PDF — malware analysis report

Static analysis result for SHA-256 7fa530f454037a12…

MALICIOUS

PDF

43.0 KB
Created: 2018-11-30 20:34:13 +03:00
Authoring application: Pages (via Mac OS X 10.11.6 Quartz PDFContext)
MD5: 101c8eadb64db97df6bb4997bf9870b5
SHA-1: cc84daac9a02a0d6e01ef6f935cd4430165fa3af
SHA-256: 7fa530f454037a12313d4625e4739574d921467f81635ba17595f3e814b14637
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious, through a link farm. The ML classifier also flagged the document as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.