Malicious PDF — malware analysis report

Static analysis result for SHA-256 9b0a114867129396…

MALICIOUS

PDF

File size: 31.9 KB
Created: 2020-02-08 18:27:35 +03:00
Authoring application: Writer (via LibreOffice 4.2)
MD5: 08c1361724232fe9492f811b9b7e7dad
SHA-1: 7054f8bdc50cfcd1e2bec371aea71e9d755d3734
SHA-256: 9b0a1148671293961aac55c8b6068586b19bb10d7192729480bb2feeacb06a72
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body appears to be malformed or encrypted, preventing a deeper analysis of its specific content, but the primary attack vector is the link farm designed to direct users to potentially malicious content hosted on gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8447

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.