Malicious PDF — malware analysis report

Static analysis result for SHA-256 a8d3d71c3cf2d0c2…

MALICIOUS

PDF

  • Size: 40.5 KB
  • Created: 2018-11-30 20:09:12 +03:00
  • Authoring application: Word 10.0 (via AFPL Ghostscript 8.13)
  • MD5: 30bb1158fb50e1cf22a65a7ca85281c5
  • SHA-1: 0999ab5c1833b872a61e5b3732acd1e510239454
  • SHA-256: a8d3d71c3cf2d0c22eb27e6b23b20b966b2ce06865eed0664982edf7f2b3fdc6
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1566.002 Spearphishing Link

The PDF contains a large number of embedded links to other PDF files hosted on www.gorillawalker.com. This pattern triggered the PDF_SEO_LINK_FARM heuristic and suggests the document is part of a scheme to manipulate search engine results or distribute content. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.