Malicious PDF — malware analysis report

Static analysis result for SHA-256 8c371a43e5848f46…

MALICIOUS

PDF

Size: 47.0 KB
Created: 2019-02-15 20:13:13 +03:00
Authoring application: AH XSL Formatter V6.2 MR5 for Windows (x64) : 6.2.7.18952 (via Antenna House PDF Output Library 6.2.625 (Windows (x64)))
MD5: fc8ae42db35e6ff6d7f0f317a8e669d3
SHA-1: a261726b7b0ca4296a6fdabccb4b075720aa991f
SHA-256: 8c371a43e5848f46fe747bce8671f2d488226a75a3ecefa8eda7cbe10c48d42c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. These links point to various PDF documents hosted on the same domain, suggesting a link farm or a method to distribute potentially malicious content. The ML classifier's high score indicates a strong likelihood of malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.