Malicious PDF — malware analysis report

Static analysis result for SHA-256 c47137861cf03cc5…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-12-14 20:10:35 +03:00
Authoring application: Microsoft Word (via Mac OS X 10.6.8 Quartz PDFContext)
MD5: 81ec3e1fcf0fac38794a6332e008be82
SHA-1: bda965c48ec7ecefb8128080ddce67dff03e6d43
SHA-256: c47137861cf03cc504c5c93c71609f346e0b23a0bbf985d4e2f4aa7f2bcdaa1e
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.