Malicious PDF — malware analysis report

Static analysis result for SHA-256 2194ec34694b162f…

Verdict: MALICIOUS
File type: PDF
Size: 43.2 KB
Created: 2019-02-12 18:31:06 +03:00
Authoring application: DocBook XSL Stylesheets with Apache FOP (via Apache FOP Version 1.1)
MD5: 608c97d5a10783d3a239630e90f1ecd9
SHA-1: 96079e69ff6642dcc48eacc7d04ed24d6a801437
SHA-256: 2194ec34694b162fa304cc205c2ed224d90e91f24f0ef829365da3b987c30827
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents on the same domain, suggesting a link farm or content distribution tactic. While no scripts were extracted, the sheer volume of links and the ML classification strongly suggest a malicious intent, likely related to SEO manipulation or serving as a lure for further malicious downloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/rainwater-harvesting-and-use-understanding-the-basics-of-rainwater-harvesting.pdf
    • http://www.gorillawalker.com/hitler-1889-1936-hubris-and-hitler-1936-1945-nemesis-2.pdf
    • http://www.gorillawalker.com/forty-centuries-of-ink.pdf
    • http://www.gorillawalker.com/des-moines-register-cookbook-bur-oak-book.pdf
    • http://www.gorillawalker.com/robert-ludlum-s-the-paris-option-a-covert-one-novel.pdf
    • http://www.gorillawalker.com/de-carnaval-reinas-y-narco-spanish-edition.pdf
    • http://www.gorillawalker.com/iowans-of-the-mighty-eighth.pdf
    • http://www.gorillawalker.com/community-and-the-human-spirit-oral-histories-from-montreal-s.pdf
    • http://www.gorillawalker.com/huge-hashi-30x30-deluxe-easy-to-hard-volume-4-255.pdf
    • http://www.gorillawalker.com/visual-encyclopedia-of-ornamental-design.pdf
    • http://www.gorillawalker.com/tenkafubu-japanese-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/eye-examination-and-refraction.pdf
    • http://www.gorillawalker.com/beyond-armageddon.pdf
    • http://www.gorillawalker.com/the-incan-empire-exploring-the-ancient-world.pdf
    • http://www.gorillawalker.com/taxing-the-financial-sector-concepts-issues-and-practice.pdf
    • http://www.gorillawalker.com/institutional-critique-and-after-soccas-symposia-vol-2.pdf
    • http://www.gorillawalker.com/bni-general-construction-costbook-2009-building-news-general-construction-costbook.pdf
    • http://www.gorillawalker.com/maps-of-meaning-the-architecture-of-belief-hardcover-1999-author.pdf
    • http://www.gorillawalker.com/rationing-america-s-medical-care-the-oregon-plan-and-beyond.pdf
    • http://www.gorillawalker.com/guide-to-the-european-automotive-industry-directory-of-the-ec.pdf
    • http://www.gorillawalker.com/fifty-days-of-solitude-publisher-beacon-press.pdf
    • http://www.gorillawalker.com/against-the-giants-a-dungeons-dragons-miniatures-huge-pack-d.pdf
    • http://www.gorillawalker.com/the-supernatural-and-english-fiction.pdf
    • http://www.gorillawalker.com/expert-resumes-for-teachers-and-educators-3rd-ed.pdf
    • http://www.gorillawalker.com/he-llorado-tantas-veces-al-recordar-el-r-o-de.pdf
    • http://www.gorillawalker.com/dangers-of-smoking-anatomical-chart.pdf
    • http://www.gorillawalker.com/son-of-zeus-madness-kindle-edition.pdf
    • http://www.gorillawalker.com/landscape-and-exile.pdf
    • http://www.gorillawalker.com/by-michelin-travel-lifestyle-norway-maps-country-michelin-7th-edition.pdf
    • http://www.gorillawalker.com/restaurant-man.pdf
    • http://www.gorillawalker.com/wooden-boats-2015-calendar-wal-calendar.pdf
    • http://www.gorillawalker.com/yoga-for-kids.pdf
    • http://www.gorillawalker.com/teaching-deaf-learners-psychological-and-developmental-foundations-perspectives-on-deafness.pdf
    • http://www.gorillawalker.com/diagnostic-endocrinology-2e.pdf
    • http://www.gorillawalker.com/investigating-the-social-world-the-process-and-practice-of-research.pdf
    • http://www.gorillawalker.com/virginia-woolf-and-the-russian-point-of-view.pdf
    • http://www.gorillawalker.com/country-hardball-the-autobiography-of-enos-country-slaughter.pdf
    • http://www.gorillawalker.com/por-qu-mi-perro-hace-eso-spanish-edition.pdf
    • http://www.gorillawalker.com/industrial-fluid-power-vol-1-basic-text-on-hydraulics-air.pdf
    • http://www.gorillawalker.com/connect-1-semester-access-card-for-mechanics-of-materials.pdf
    • http://www.gorillawalke
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/