Malicious PDF — malware analysis report

Static analysis result for SHA-256 c361d5dbe15d9d59…

MALICIOUS

PDF

Size: 41.4 KB
Created: 2019-04-30 16:29:10 +03:00
Authoring application: Word (via Mac OS X 10.8.4 Quartz PDFContext)
MD5: 02ed2844303433655aa66336a91018ff
SHA-1: 74099da225e3aa53e1de89ec72a64dd6b705b661
SHA-256: c361d5dbe15d9d59f3933701c1dae00ca010362b948063bb66a6374860a4a795
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains a large number of embedded links to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to drive traffic to a large collection of documents hosted on www.gorillawalker.com, potentially for SEO manipulation or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.