Malicious PDF — malware analysis report

Static analysis result for SHA-256 8775ebd86f2045d3…

MALICIOUS

PDF

Size: 46.5 KB
Created: 2018-11-26 20:10:15 +03:00
Authoring application: Microsoft Word (via Acrobat PDFWriter 3.0f1r8 for Power Macintosh)
MD5: d09ab3b21c773d95f1d3f9d382e87630
SHA-1: cff93ff18cd3271828f829774ceb434bcb8cd6d3
SHA-256: 8775ebd86f2045d34b93203d5fe400f1f7e7354741c8f32552b8e5dd9d6a4868
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine rankings or to distribute a large volume of content, potentially malicious. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.