Malicious PDF — malware analysis report

Static analysis result for SHA-256 c3806491af167558…

MALICIOUS

PDF

File size: 42.9 KB
Created: 2018-11-23 21:06:39 +03:00
Authoring application: Microsoft Word 8.0 (via Acrobat Distiller 4.0 for Windows)
MD5: 072674966ea2545c33a5ad14a186f1b9
SHA-1: 50271fd8b28370452998799174b25afa3b1e0981
SHA-256: c3806491af167558b8780ac60b0450c81fe2d09f4e3e94023059d7c0efa525d8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files on the domain www.gorillawalker.com. This suggests a link farm or content distribution tactic. The ML classifier also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9163

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.