Malicious PDF — malware analysis report

Static analysis result for SHA-256 e1baa7b56ea85d2d…

MALICIOUS

PDF

Size: 40.6 KB
Created: 2018-11-30 20:23:43 +03:00
Authoring application: Microsoft Word (via Mac OS X 10.6.8 Quartz PDFContext)
MD5: fba1f83a4d974ef233c3d12c5748b295
SHA-1: dcaacd416ee0f76e605732e964980956d77d58f4
SHA-256: e1baa7b56ea85d2ded1a0414dc177cfb1da8d95484c9c6a91e139c510d4f2541
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as detected by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files on the same domain, suggesting a link farm or a method to distribute content. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.