Malicious PDF — malware analysis report

Static analysis result for SHA-256 f7a18824ef932e98…

Verdict: MALICIOUS
File type: PDF
Size: 41.5 KB
Created: 2018-11-26 08:37:01 +03:00
Authoring application: mPDF 6.0
MD5: ecc9b4bbba752359e1556448b284655e
SHA-1: 2ff3689c6df0880c45f2d2ffdea53e2f0f2a92f6
SHA-256: f7a18824ef932e98a1316f7ecae875fc3fde93c6e1135136e1f4084a8f46f8a9
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO manipulation or content hosting scheme. The primary heuristic identified a 'PDF_SEO_LINK_FARM' with 32 external PDF links, predominantly hosted on www.gorillawalker.com. No scripts were extracted from this sample, and the document body was heavily obfuscated, limiting further analysis of user-facing lures.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.