Malicious PDF — malware analysis report

Static analysis result for SHA-256 d0624640547d3f7b…

MALICIOUS

PDF

Size: 44.2 KB
Created: 2018-11-30 01:48:57 +03:00
Authoring application: Microsoft® Word 2013
MD5: f361ef6008fc722af4668b3b4d8cdc9b
SHA-1: 211d043752075ff0645ccf0e189a116ddec4a6b3
SHA-256: d0624640547d3f7bea5584f042ba693e8da3932209d91ccf8393d85522918d3e
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.