Malicious PDF — malware analysis report

Static analysis result for SHA-256 f22045b52ce4d5f3…

MALICIOUS

PDF

Size: 32.6 KB
Created: 2019-12-10 02:23:39 +03:00
Authoring application: Word (via Mac OS X 10.8.5 Quartz PDFContext)
MD5: cde0ba7ccff566a82f2062f56c8debb4
SHA-1: eb751c49ad1edb274d9232e0f38bbae97769c29a
SHA-256: f22045b52ce4d5f35f6682eed8ebe3b4e0f7f3ee1843c71805909d4341d3fdde
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a link farm with 32 external PDF links, all hosted on www.gorillawalker.com. This heuristic, combined with the ML classifier flagging the document as malicious, suggests a social engineering attack. The purpose appears to be to drive traffic to these external resources, potentially for SEO manipulation or to host malicious content indirectly.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.