Malicious PDF — malware analysis report

Static analysis result for SHA-256 d51d4f31b5b75f34…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2018-11-30 01:49:26 +03:00
Authoring application: Microsoft Word (via Acrobat PDFWriter 4.05 for Windows NT)
MD5: d01acbd38e265873ecb82335ed18da55
SHA-1: 419d10cbb520c5284a35ff12b4a464bae71069f3
SHA-256: d51d4f31b5b75f345c1258bdf607a118d7c0a581af71f5240236aabe7189bf0f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. These links all point to the same domain, suggesting a coordinated effort to manipulate search engine results or distribute content from a central location. The ML classifier also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.