Malicious PDF — malware analysis report

Static analysis result for SHA-256 d5b601677da0eabc…

MALICIOUS

PDF

Size: 40.1 KB
Created: 2018-12-02 10:56:09 +03:00
Authoring application: Word (via Mac OS X 10.10.5 Quartz PDFContext)
MD5: e99861867c4a12a6dcb7af810aa73bfd
SHA-1: 82772c9aa77efd71b249bfeea49754356506404d
SHA-256: d5b601677da0eabcb01d84e32ac25f397fd57035e6e7117b71a84dc6eb3e17cb
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs all point to the same domain, suggesting a coordinated effort to distribute content or manipulate search engine results. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.