Malicious PDF — malware analysis report

Static analysis result for SHA-256 ca41e076964f427d…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-11-26 20:03:36 +03:00
Authoring application: Microsoft Word (via Mac OS X 10.6.8 Quartz PDFContext)
MD5: 9f87a0c7f2136da6b729b42b37320eca
SHA-1: 5d30ca37198420cd09a49b5c9f42257512864389
SHA-256: ca41e076964f427dedf49061579e1e795ad47ac08a674aca04daa23558119117
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDFs on the same domain, identified by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine rankings or to distribute a large volume of content, potentially malicious. The ML classifier also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.