Malicious PDF — malware analysis report

Static analysis result for SHA-256 29ea29274d7c4096…

MALICIOUS

PDF

Size: 32.7 KB
Created: 2020-02-08 18:27:31 +03:00
Authoring application: ZonBook XSL Stylesheets with Apache FOP (via Apache FOP Version 2.1)
MD5: d297311b722de59f395a4bb0e63c9f14
SHA-1: 50c868d8fb4ddbcfd95706742b104d55e70d8034
SHA-256: 29ea29274d7c40968465157ac0eee892b0a6aef7c9b21ffaf909351cd2c5fea7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links pointing to PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.