Malicious PDF — malware analysis report

Static analysis result for SHA-256 bab978c2e15c9e0f…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2018-11-26 20:07:12 +03:00
Authoring application: Microsoft Word (via Mac OS X 10.6.8 Quartz PDFContext)
MD5: 9fd96f0ab3945090ec8fa7da1e707a51
SHA-1: 4179304f5fc6282ea2bac7f3bdb6032b80d4b8aa
SHA-256: bab978c2e15c9e0fa778f9f66201da1bd058affb7b56873713ecff41fc5c3171
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links pointing to external PDF files on the domain www.gorillawalker.com. This behavior is indicative of a link farm or SEO manipulation tactic. The ML classifier also flagged this PDF as malicious. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of its specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8224)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.