Malicious PDF — malware analysis report

Static analysis result for SHA-256 a925f8537959554f…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2019-04-11 13:06:23 +03:00
Authoring application: Writer (via OpenOffice.org 1.1.2)
MD5: 6e37a9c71e1a76106a5cd284e7cbdb98
SHA-1: beb84e64dce136b9908c9807d47db4db0d5fdea0
SHA-256: a925f8537959554ff79f3f79adf7a2cb6b17803bbbe8d4bfc947b850bb5e4819
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded URLs pointing to other PDF files on the domain www.gorillawalker.com. This pattern triggered the PDF_SEO_LINK_FARM heuristic, suggesting the document is designed to manipulate search engine results or redirect users to potentially malicious content. The ML classifier also flagged this PDF as malicious with high probability. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific attack pattern beyond the link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8219

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.