Malicious PDF — malware analysis report

Static analysis result for SHA-256 e357b40fff7d30c1…

Verdict: MALICIOUS

File type: PDF

Size: 44.6 KB
Created: 2019-03-17 11:02:45 +03:00
Authoring application: Word (via Mac OS X 10.10.5 Quartz PDFContext)
MD5: 2a7c8da870d519c75220ca9d576a1c57
SHA-1: e7919e1b43268ce902a7f1630ad9ae48a20458fb
SHA-256: e357b40fff7d30c1b8a22b3f7258e3bf1e730c6954beb8d760528022e126ef43
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links to PDF files hosted on www.gorillawalker.com. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9007)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.