Malicious PDF — malware analysis report

Static analysis result for SHA-256 8ca3f5ab953ecc8a…

MALICIOUS

PDF

Size: 41.7 KB
Created: 2019-03-16 18:19:06 +03:00
Authoring application: Microsoft Word 8.0 (via Acrobat Distiller 4.0 for Windows)
MD5: 1870019696337b452cc9b6fe397c45e8
SHA-1: 362b34c7f0519cb1d4b24d761ae000b9b333d094
SHA-256: 8ca3f5ab953ecc8a5069e82e6caafd3e986c02a8d50b27713f58d450ab124bb0
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier as malicious and contains a large number of external links, constituting a link farm. The primary heuristic indicates this is a PDF SEO link farm, suggesting the document's purpose is to drive traffic to a large collection of other PDFs hosted on www.gorillawalker.com. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.