Malicious PDF — malware analysis report

Static analysis result for SHA-256 b685c034c8a56349…

Verdict: MALICIOUS
File type: PDF
Size: 33.7 KB
Created: 2019-12-13 19:41:55 +03:00
Authoring application: Microsoft Word (via Mac OS X 10.6.8 Quartz PDFContext)
MD5: 06185e550598c806e02d8e1b773bb8fd
SHA-1: 9208486118eb15cd0e8715e00000a18b141935bd
SHA-256: b685c034c8a563490f937fffb86599ad2be4f380b4cc2fbc12b55141a96a0fc3
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF triggers a critical link-farm heuristic: it contains 32 external links to PDF documents on www.gorillawalker.com, which suggests malicious intent, most likely SEO manipulation or routing users toward further malware. The ML classifier also flagged the PDF as malicious with high probability. No scripts were extracted, and the document body was heavily obfuscated and truncated, which prevented deeper analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.