Malicious PDF — malware analysis report

Static analysis result for SHA-256 d6017a2344579b8b…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2019-03-17 06:35:40 +03:00
Authoring application: Word (via Mac OS X 10.7.5 Quartz PDFContext)
MD5: c6fc316aee0cb28747b6c5c3d0a1ecf9
SHA-1: 6dd00a8b0deca823adea719c3f0113221da99185
SHA-256: d6017a2344579b8b260b4f49a606ba85fa70d397b93b3e21a943285092139cf6
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

A heuristic fired on the large number of external PDF links in this document, which indicates a link farm. The embedded URLs all point to PDFs on the same domain, suggesting a coordinated effort to direct users to external content. No scripts were extracted, and the document body was unreadable, which limits further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.