Malicious PDF — malware analysis report

Static analysis result for SHA-256 c5e7a3d264ed103d…

MALICIOUS

PDF

45.8 KB
Created: 2018-11-15 18:34:41 +03:00
Authoring application: Microsoft® Word 2013
MD5: e2d3adac4faa1f70266caf6cfeebd725
SHA-1: 27014db715067128dc86bdb65c643aeeb1a2f299
SHA-256: c5e7a3d264ed103d025e3877c02956fd9ff8490597d6d367ddecae5934755bba
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm or a deceptive lure, aiming to redirect the user to potentially malicious content or to manipulate search engine rankings. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.