Malicious PDF — malware analysis report

Static analysis result for SHA-256 e51aaf903f609b6d…

MALICIOUS

PDF

43.9 KB Created: 2019-03-17 06:35:12 +03:00 Authoring application: Microsoft® Word 2016
MD5: facd30de89f21628f434f8525df94ba2 SHA-1: 6f7dc4f7249d9f20bf32b2935427b749fdf1e846 SHA-256: e51aaf903f609b6d3a08bae2ed30fb32fb84a8a2105a12c67e14522f83dbea8c
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious File

The PDF file contains a large number of embedded URLs pointing to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious with high confidence. The primary attack pattern appears to be SEO manipulation or the distribution of malicious content through a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/great-white-sharks-sharks-abdo.pdf
    • http://www.gorillawalker.com/dewalt-construction-professional-reference.pdf
    • http://www.gorillawalker.com/the-adventures-of-lady-the-big-storm-coloring-book.pdf
    • http://www.gorillawalker.com/give-away-your-timeshare-by-d-pats-kindle-edition.pdf
    • http://www.gorillawalker.com/a-biographical-history-of-lancaster-county.pdf
    • http://www.gorillawalker.com/authentic-italian-made-easy-antipasto-appetizers-for-busy-people-who.pdf
    • http://www.gorillawalker.com/you-re-smarter-than-you-think-a-kid-s-guide.pdf
    • http://www.gorillawalker.com/bear-aware-hiking-and-camping-in-bear-country-how-to.pdf
    • http://www.gorillawalker.com/the-basics-of-winning-sports-betting.pdf
    • http://www.gorillawalker.com/the-clinton-crack-up-the-boy-president-s-life-after.pdf
    • http://www.gorillawalker.com/measuring-young-people-s-legal-capability-kindle-edition.pdf
    • http://www.gorillawalker.com/the-arab-of-the-future-a-graphic-memoir.pdf
    • http://www.gorillawalker.com/romantic-vs-screwball-comedy-charting-the-difference-studies-in-film.pdf
    • http://www.gorillawalker.com/wild-boar-hong-kong-new-plays-selection-2012-kindle-edition.pdf
    • http://www.gorillawalker.com/an-infinitesimal-approach-to-stochastic-analysis.pdf
    • http://www.gorillawalker.com/fans-and-ventilation-a-practical-guide.pdf
    • http://www.gorillawalker.com/race-the-states-travel-games-with-press-and-peel-clings.pdf
    • http://www.gorillawalker.com/spunky-seniors-4.pdf
    • http://www.gorillawalker.com/la-justice-de-paix-a-l-aube-de-l-independance.pdf
    • http://www.gorillawalker.com/microfax-star-wars-han-solo-chewbacca-pack-funfax.pdf
    • http://www.gorillawalker.com/i-m-furious-dealing-with-feelings.pdf
    • http://www.gorillawalker.com/confirming-your-faith-student-journal.pdf
    • http://www.gorillawalker.com/the-jewish-war-revised-edition-penguin-classics.pdf
    • http://www.gorillawalker.com/subversive-voices-eroticizing-the-other-in-william-faulkner-and-tomi.pdf
    • http://www.gorillawalker.com/mi-libro-dorado-de-los-santos-my-golden-book-of.pdf
    • http://www.gorillawalker.com/common-sense-the-declaration-of-independence-giants-of-political-thought.pdf
    • http://www.gorillawalker.com/mechanics-of-materials-plus-masteringengineering-with-pearson-etext-access-card.pdf
    • http://www.gorillawalker.com/normal-and-abnormal-function-of-the-foot-clinical-biomechanics-volume.pdf
    • http://www.gorillawalker.com/indrani-in-festival-of-indian-dance-drama-and-music-programme.pdf
    • http://www.gorillawalker.com/the-resurrection-of-the-body-pier-paolo-pasolini-from-saint.pdf
    • http://www.gorillawalker.com/basic-principles-of-structural-equation-modeling-an-introduction-to-lisrel.pdf
    • http://www.gorillawalker.com/gardening-everything-you-need-to-know-to-grow-fruits-vegetables.pdf
    • http://www.gorillawalker.com/pink-floyd-new-edition.pdf
    • http://www.gorillawalker.com/introduction-to-sap-business-one.pdf
    • http://www.gorillawalker.com/magic-bites-kate-daniels.pdf
    • http://www.gorillawalker.com/introduction-to-skin-biothermomechanics-and-thermal-pain.pdf
    • http://www.gorillawalker.com/everyday-gluten-free-living-a-practical-roadmap-to-transforming-your.pdf
    • http://www.gorillawalker.com/kuro-no-kishi-black-knight-vol-2-yaoi-v-2.pdf
    • http://www.gorillawalker.com/nature-in-translation-freedom-subjectivity-and-japanese-tourism-encounters-in.pdf
    • http://www.gorillawalker.com/ambulance-emergency-vehicles.pdf
    • http://www.gorillawalker.com/you-re-smarter-than-you-think-a-kid-s-guide.p
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.