Malicious PDF — malware analysis report

Static analysis result for SHA-256 116ccf9d330d45a3…

MALICIOUS

PDF

File size: 45.9 KB
Created: 2018-12-15 20:01:56 +03:00
Authoring application: DITA Open Toolkit (via Apache FOP Version 1.0)
MD5: c455c4c604a1d42bac83fcc1e3d07429
SHA-1: f895fa5b3a099c3d1c7604bb60e6fb08f27609cb
SHA-256: 116ccf9d330d45a33aa28837ef6cfa8678fb09d952ebe1f4f1a4056b4722e318
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests the document is designed to redirect users to a multitude of sites, potentially for SEO spam or to host malicious content. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.