Malicious PDF — malware analysis report

Static analysis result for SHA-256 d66162a5c401ac1a…

MALICIOUS

PDF

Size: 42.3 KB
Created: 2018-11-30 20:34:28 +03:00
Authoring application: Writer (via OpenOffice.org 2.0)
MD5: a5e8e374fdfb462a5d178978729406a7
SHA-1: 6d686d98817992b8b26aa9bcda0ad9dc85db56e7
SHA-256: d66162a5c401ac1ae7d7ec2280e9758942d43db031f831f93ee1319a25e6bc22
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of potentially malicious content. The ML classifier also flagged this PDF as malicious with a high score.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8219

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.