Malicious PDF — malware analysis report

Static analysis result for SHA-256 cec8ae1e9f0a58e5…

MALICIOUS

PDF

Size: 45.8 KB
Created: 2018-12-11 20:45:14 +03:00
Authoring application: Word (via Mac OS X 10.7.5 Quartz PDFContext)
MD5: 6012a0a94ac4cfbe17edceadab3af5e7
SHA-1: be6321a4320590a6d170899b685122136547a1d7
SHA-256: cec8ae1e9f0a58e541a0d2e5c11fb81a7d0d97397c4657650980deeea469a85e
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic, which suggests an attempt to manipulate search engine results or distribute content from a large number of URLs. The document body is heavily obfuscated and unreadable, providing no direct clues to its intent. The primary attack pattern observed is the mass linking to external resources, likely for SEO manipulation or as a distribution vector for further malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.