Malicious PDF — malware analysis report

Static analysis result for SHA-256 2294feff0f7640e9…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2019-03-16 09:03:11 +03:00
Authoring application: ZonBook XSL Stylesheets with Apache FOP (via Apache FOP Version 2.1)
MD5: 7fc4f930e4f6e5eb491841878ff0acb4
SHA-1: 1048578d89e4c040820d162151704bba2ccc8562
SHA-256: 2294feff0f7640e97f814aea08463bf95e2f61fbe23210d540953ff0325ba9e0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a mass external link farm, with 32 links pointing to PDFs hosted on gorillawalker.com. This heuristic, combined with the ML classifier's high confidence, suggests malicious intent. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links indicates a coordinated effort to direct users to external content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8600

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.