Malicious PDF — malware analysis report

Static analysis result for SHA-256 eb7072be9cc2cd7c…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2018-12-07 18:28:12 +03:00
Authoring application: Writer (via OpenOffice.org 2.0.3)
MD5: 13271fffb1a30fc52a9d2447f525882b
SHA-1: 31f4f14a868d29bd6b7a630caadf436b4bdf4ac8
SHA-256: eb7072be9cc2cd7c967f687cc98f76fdbcff9e37419cce278f9e3dbe583b86ca
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to other PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content disguised as legitimate documents. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.