Malicious PDF — malware analysis report

Static analysis result for SHA-256 a5032ab7fec0c28c…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2018-12-15 08:10:50 +03:00
Authoring application: Microsoft® Word 2013
MD5: a6730c585b911ed8e72c19f372add366
SHA-1: b449de1cd4e2397a9050ba95a2dbeeb59dcb86e7
SHA-256: a5032ab7fec0c28c842dfa40671286c9cdae2ee90a68a48751895986034a4283
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely intended for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.