Malicious PDF — malware analysis report

Static analysis result for SHA-256 9cccd04b23970a19…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2018-12-14 10:24:14 +03:00
Authoring application: Microsoft Word (via Acrobat PDFWriter 4.05 for Windows NT)
MD5: e3c19a5718738561edcc9a355fede169
SHA-1: b159feba71741cd070a69bdb14f248d2b8c1c73d
SHA-256: 9cccd04b23970a19ac556715a1080492d15548c3b5052722d44cffdbc328feb4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents hosted on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The embedded URLs suggest a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious, to unsuspecting users.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.