Malicious PDF — malware analysis report

Static analysis result for SHA-256 f40cad3555910a7f…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2018-11-23 21:09:14 +03:00
Authoring application: Writer (via LibreOffice 4.2)
MD5: 886432ebb8c439fd6861a4f18d9643e1
SHA-1: b828ac15ad625aaf1d63dfab13c14b79edfab076
SHA-256: f40cad3555910a7f7b36150721e014da8c79535b3a553f104c7b05208381a1d7
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links, forming a link farm. The document body is heavily obfuscated and unreadable, but the presence of 32 external PDF links suggests a social engineering attempt to direct users to potentially malicious content hosted on www.gorillawalker.com. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.