Malicious PDF — malware analysis report

Static analysis result for SHA-256 e92ccb253a7677cc…

MALICIOUS

PDF

File size: 43.4 KB
Created: 2018-12-07 18:27:25 +03:00
Authoring application: Writer (via OpenOffice.org 2.4)
MD5: cc33343622986a98741c0be332766a61
SHA-1: e30e168165677b3489ea36a1dade428894ebb469
SHA-256: e92ccb253a7677cc979a9a66c68c027252758a03260e707b8f09782d59d17d37
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute additional malicious content. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.