Malicious PDF — malware analysis report

Static analysis result for SHA-256 b9e3ddd2e374c6bd…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2018-12-03 17:45:55 +03:00
Authoring application: Writer (via OpenOffice.org 3.2)
MD5: a4769b32e16e289b116f7a173f74f6c8
SHA-1: 70699a9f70bf1e930b3ec5c989ca6195d83f5c15
SHA-256: b9e3ddd2e374c6bdfc0450d99262ccedffe0588a88e564c04902468e7dcca4bc
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.