Malicious PDF — malware analysis report

Static analysis result for SHA-256 bc650c6649a16c96…

MALICIOUS

PDF

Size: 33.1 KB
Created: 2020-01-17 19:19:37 +03:00
Authoring application: Writer (via OpenOffice.org 1.1.2)
MD5: 28a31cd7e3f0cbcbc771ae52b0a193e1
SHA-1: b2b5986d3cd08bb74a01ee32809d28394c4c06ae
SHA-256: bc650c6649a16c963793c88dde5f686b0c62a1de8fcceb8888205ae20874bc6c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, all hosted on the domain www.gorillawalker.com. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.