Malicious PDF — malware analysis report

Static analysis result for SHA-256 a4b939fee278cbf5…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2019-11-23 19:48:32 +03:00
Authoring application: Word (via Mac OS X 10.4.2 Quartz PDFContext)
MD5: c366399361e6d15ad014be81773d678b
SHA-1: 782f592e15cd52baeefc8b0a5acb9300dc17f2c8
SHA-256: a4b939fee278cbf59187afa627665a3e108e5910cbc0c319b3219f1256fdeaea
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a significant number of embedded external links. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass link farm, suggesting the document's primary purpose is to host these links. No scripts were extracted from this sample. The links themselves do not appear to be malicious based on reputation, but the sheer volume and nature of the link farm point towards malicious intent, likely for SEO manipulation or as a precursor to a more targeted attack.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.