Malicious PDF — malware analysis report

Static analysis result for SHA-256 a37122d538a60caa…

MALICIOUS

PDF

Size: 40.9 KB
Created: 2019-03-16 12:58:54 +03:00
Authoring application: Microsoft Word (via Acrobat PDFWriter 4.05 for Windows NT)
First seen: 2019-04-17
MD5: 88195e739785b8f8651739a4ac163bea
SHA-1: 96d3a612ed6cbab6f2c8f7705bfa6d96e593749e
SHA-256: a37122d538a60caa95a98cc2362c917f9ba9e22d011db5321be19721586553e0
Risk Score: 92

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_001_off00000c97.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0xC97
Size: 16675 bytes
SHA-256: ed691336da286426e19a4961fd9ba341dcb2c99824295707f40cf61d8eeed051