Malicious PDF — malware analysis report

Static analysis result for SHA-256 ad4a5843fadf221c…

Verdict: MALICIOUS
File type: PDF
Size: 42.6 KB
Created: 2018-12-02 20:09:55 +03:00
Authoring application: Microsoft® Word 2016
MD5: 4625cb415c29f0cf1da4a5212b93833c
SHA-1: 83625bb2dd1dd25e985b16c8840fbe36a2bd6b80
SHA-256: ad4a5843fadf221cc1db4a4af61eafcbcdfe7f1e0db41f1d721a52f6f3327d86
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on the 'gorillawalker.com' domain. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to serve as a distribution point for other malicious content, rather than a direct exploit within the PDF itself.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.