Malicious PDF — malware analysis report

Static analysis result for SHA-256 8dd633a647207842…

MALICIOUS

PDF

Size: 41.0 KB
Created: 2018-11-14 08:15:27 +03:00
Authoring application: Microsoft Word (via Acrobat PDFWriter 4.05 for Windows NT)
MD5: 125e88416c15382597a6eb1a4b097f73
SHA-1: e10238f1353851e260810bbff00144b9690eeb8a
SHA-256: 8dd633a647207842835e8941cca24ab932e1b0616f3e6eb09dc3ab0a06dca8db
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

A machine learning classifier flagged the PDF file as malicious. A critical heuristic identified a large number of embedded links to external PDF files hosted on www.gorillawalker.com. No scripts were extracted, but the sheer volume of links suggests SEO manipulation or a lure to download further malicious content. The document body was heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9526

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.