Malicious PDF — malware analysis report

Static analysis result for SHA-256 95ff04187688b804…

MALICIOUS

PDF

Size: 44.1 KB | Created: 2019-04-11 21:02:25 +03:00 | Authoring application: Writer (via LibreOffice 4.2)
MD5: 9d52e9307e0cf4699afe9b846d5f20e0
SHA-1: c0bbed4ddf8115d550c06cfdc79bab40a43f9b69
SHA-256: 95ff04187688b8047b0faec652fdde61bbf82d2e25c34363cf0607eecfb777ca
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious File

The PDF is small (44.1 KB) yet contains 40 clickable links to external .pdf targets, every one of them hosted on the single domain www.gorillawalker.com. That ratio of links to content, with no citation-like variety of hosts, is characteristic of a generated link-farm PDF: a carrier used for SEO manipulation and as a routing point into further download chains, not a document a user would author in LibreOffice Writer. The ML classifier independently flagged the file as malicious with high confidence, and the file carries no macros or JavaScript, so the link annotations are the only active content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. In this sample the www.gorillawalker.com entries are the /URI targets of link annotations; the trailing www.w3.org, purl.org, ns.adobe.com and aiim.org entries are RDF/XMP/PDF-A namespace identifiers from the document's metadata stream, which any PDF/A file exported by LibreOffice carries, and are not clickable links.
    • http://www.gorillawalker.com/the-blue-chair-jam-cookbook.pdf
    • http://www.gorillawalker.com/practical-antennas-for-novices.pdf
    • http://www.gorillawalker.com/characterizing-the-u-s-industrial-base-for-coal-powered-electricity.pdf
    • http://www.gorillawalker.com/ugly-americans-the-true-story-of-the-ivy-league-cowboy.pdf
    • http://www.gorillawalker.com/something-sexy-book-8-in-the-action-series.pdf
    • http://www.gorillawalker.com/landforms-in-africa-an-introduction-to-geomorphology.pdf
    • http://www.gorillawalker.com/central-pennsylvania-redware-pottery-1780-1904-oral-traditions-project.pdf
    • http://www.gorillawalker.com/love-and-devotion-simple-poems-that-bless-the-heart.pdf
    • http://www.gorillawalker.com/judging-war-criminals-the-politics-of-international-justice.pdf
    • http://www.gorillawalker.com/tattoo-super-models-english-edition-inked-sexy.pdf
    • http://www.gorillawalker.com/sipri-yearbook-2014-armaments-disarmament-and-international-security.pdf
    • http://www.gorillawalker.com/running-will-make-you-fit-the-ultimate-running-guide-to.pdf
    • http://www.gorillawalker.com/de-como-europa-subdesarrollo-a-africa-spanish-edition.pdf
    • http://www.gorillawalker.com/optimising-distressed-loan-books-practical-solutions-for-dealing-with-non.pdf
    • http://www.gorillawalker.com/how-to-earn-your-cbap-or-ccba-in-3-months.pdf
    • http://www.gorillawalker.com/between-two-worlds-from-tyranny-to-freedom-my-escape-from.pdf
    • http://www.gorillawalker.com/working-with-auras-your-complete-guide-to-health-and-well.pdf
    • http://www.gorillawalker.com/money-for-food-your-piggy-bank-a-guide-to-spending.pdf
    • http://www.gorillawalker.com/akoma-greek-edition.pdf
    • http://www.gorillawalker.com/digging-for-history-at-old-washington.pdf
    • http://www.gorillawalker.com/foreigner-the-collection-piano-vocal-guitar.pdf
    • http://www.gorillawalker.com/profiles-in-courage-for-our-time.pdf
    • http://www.gorillawalker.com/desolate-assassin-s-rising-volume-4.pdf
    • http://www.gorillawalker.com/the-three-bears.pdf
    • http://www.gorillawalker.com/improvisation-et-caprice.pdf
    • http://www.gorillawalker.com/an-annotated-bibliography-of-court-cases-relevant-to-employment-decisions.pdf
    • http://www.gorillawalker.com/modeling-bipolar-power-semiconductor-devices-synthesis-lectures-on-power-electronics.pdf
    • http://www.gorillawalker.com/guide-to-rhodesia-for-the-use-of-tourists-and-settlers.pdf
    • http://www.gorillawalker.com/digital-signal-processing-laboratory-experiments-using-c-and-the-tms320c31.pdf
    • http://www.gorillawalker.com/breakfast-in-gascony.pdf
    • http://www.gorillawalker.com/computer-confluence-exploring-tomorrow-s-technology.pdf
    • http://www.gorillawalker.com/berlin-und-die-berliner-leute-dinge-sitten-winke-german-edition.pdf
    • http://www.gorillawalker.com/the-duke-s-holiday-the-regency-romp-trilogy-book-1.pdf
    • http://www.gorillawalker.com/paper-and-paper-products-in-new-zealand-download-pdf-digital.pdf
    • http://www.gorillawalker.com/the-fasting-girl-a-true-victorian-medical-mystery.pdf
    • http://www.gorillawalker.com/code-of-federal-regulations-24-parts-0-to-199-revised.pdf
    • http://www.gorillawalker.com/mike-smith-s-hockey-playbook.pdf
    • http://www.gorillawalker.com/the-malvern-hills-travels-through-elgar-country-classic-country-connections.pdf
    • http://www.gorillawalker.com/cellular-and-molecular-immunology-8e-cellular-and-molecular-immunology-abbas.pdf
    • http://www.gorillawalker.com/multielement-system-design-in-astronomy-and-radio-science-astrophysics-and.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
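The two heuristics above rest on a distinction the URL list blurs: which URLs are the targets of clickable /Link annotations, and which merely appear in the XMP metadata stream. The following is an added example, not the scanner that produced this report, showing how to pull /URI action targets and XMP namespace declarations out of a PDF separately and apply a link-farm rule to the former. The thresholds (200 KB, 20 links, 80% on one host), the host name farm.example and the helper that builds a sample PDF are all assumptions chosen for illustration; the parser is a plain regex pass that does not handle escaped literal strings, hex strings or compressed object streams, so it is a triage aid rather than a full PDF parser.

```python
"""Separate clickable /URI link targets from XMP namespace URLs in a PDF and
apply a toy link-farm heuristic. Added example; not the report's scanner."""
import re
from collections import Counter
from urllib.parse import urlparse

# Assumed thresholds for illustration, not the report's tuned values.
MAX_SIZE_BYTES = 200 * 1024
MIN_LINKS = 20
MIN_TOP_HOST_SHARE = 0.8

# /URI action dictionaries in either key order; these are what a click follows.
URI_ACTION_RES = (
    re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)"),
    re.compile(rb"/URI\s*\(([^)]*)\)\s*/S\s*/URI"),
)
# Namespace declarations inside the XMP metadata stream (not clickable).
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_]+="([^"]+)"')


def extract_link_uris(pdf: bytes) -> list:
    """Distinct /URI action targets, in order of first appearance."""
    found = []
    for rx in URI_ACTION_RES:
        found += [m.decode("latin-1") for m in rx.findall(pdf)]
    return list(dict.fromkeys(found))


def extract_xmp_namespaces(pdf: bytes) -> list:
    """Distinct xmlns URIs from embedded XMP; expected in any PDF/A file."""
    return list(dict.fromkeys(m.decode("latin-1") for m in XMLNS_RE.findall(pdf)))


def link_farm_verdict(pdf: bytes) -> dict:
    """Small file + many clickable .pdf links clustered on one host => triggered."""
    uris = extract_link_uris(pdf)
    hosts = Counter(urlparse(u).hostname or "" for u in uris)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(uris) if uris else 0.0
    pdf_targets = sum(1 for u in uris if urlparse(u).path.lower().endswith(".pdf"))
    triggered = (len(pdf) <= MAX_SIZE_BYTES and len(uris) >= MIN_LINKS
                 and share >= MIN_TOP_HOST_SHARE and pdf_targets >= MIN_LINKS)
    return {"size": len(pdf), "n_links": len(uris), "n_pdf_targets": pdf_targets,
            "top_host": top_host, "top_host_share": share,
            "xmp_namespaces": extract_xmp_namespaces(pdf), "triggered": triggered}


def build_sample_pdf(uris) -> bytes:
    """Constructed sample: one page whose annotations are /Link -> /URI actions,
    plus an XMP metadata stream. Objects: 1 catalog, 2 pages, 3 page, 4 XMP, 5.. annots."""
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           b'xmlns:dc="http://purl.org/dc/elements/1.1/"/></x:xmpmeta>')
    annot_ids = range(5, 5 + len(uris))
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots ["
        + b" ".join(b"%d 0 R" % i for i in annot_ids) + b"] >>",
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp)
        + xmp + b"\nendstream",
    ]
    for u in uris:
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
                    b"/A << /S /URI /URI (" + u.encode("latin-1") + b") >> >>")
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for i, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % i + body + b"\nendobj\n"
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objs) + 1, xref_pos))
    return bytes(out)


# Constructed inputs: a 32-link carrier on one host, and a benign 3-link document.
FARM_URIS = [f"http://farm.example/title-{i}.pdf" for i in range(30)] + [
    "http://other.example/a.pdf", "https://other.example/b.html"]
BENIGN_URIS = ["https://a.example/x.pdf", "https://b.example/y", "https://c.example/z"]
FARM_PDF = build_sample_pdf(FARM_URIS)
BENIGN_PDF = build_sample_pdf(BENIGN_URIS)

if __name__ == "__main__":
    for name, doc in (("farm", FARM_PDF), ("benign", BENIGN_PDF)):
        print(name, link_farm_verdict(doc))
```

Running the block prints a triggered verdict for the constructed carrier and a clean one for the benign document; the XMP namespaces appear in `xmp_namespaces` but never in the link count, which is the separation the per-URL channel labels in the report are meant to express.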