Malicious PDF — malware analysis report

Static analysis result for SHA-256 412548fdeef1bfb9…

MALICIOUS

PDF

44.0 KB
Created: 2019-03-17 04:32:12 +03:00
Authoring application: Apache FOP Version 1.0
MD5: 70f9c53d00206e994ebe2a90d342aac5
SHA-1: 256e388c7f2919bf29145df1b8679035a621efb6
SHA-256: 412548fdeef1bfb9a0bedaf379fadf4c9138d4ac02b808ffaf3af48781967306
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links to external PDF documents, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.