Malicious PDF — malware analysis report

Static analysis result for SHA-256 a7ea4e018b98d3b4…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2018-12-15 20:18:23 +03:00
Authoring application: Word (via Mac OS X 10.8.4 Quartz PDFContext)
MD5: 9073005468ece35b072b6d2eb5af7d88
SHA-1: 3dedc765bf99f7d8e1dd2f5dd67c6b21eb34d376
SHA-256: a7ea4e018b98d3b47bba1e7b4671cc1939ec26099f43cfa91249fcc61c921278
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body, though heavily obfuscated, contains URLs pointing to a single domain, suggesting a coordinated effort to redirect users. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.