Malicious PDF — malware analysis report

Static analysis result for SHA-256 4f572685e6df0a5f…

Verdict: MALICIOUS
File type: PDF
Size: 47.3 KB
Created: 2018-12-15 08:53:37 +03:00
Authoring application: DITA Open Toolkit (via Apache FOP Version 1.0)
MD5: ce7468e1ae36295f7735ad2ca5e07c9d
SHA-1: e50fb69c29dc527dfe549571416e167008c2d593
SHA-256: 4f572685e6df0a5f9c343267d463aa2853eaa008c3c8618e7f11af153647ee19
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to various PDF documents hosted on the same domain, indicative of a link farm or SEO manipulation tactic. The ML classifier also flagged this PDF as malicious. While no scripts were extracted, the sheer volume of links suggests a malicious intent to redirect users or manipulate search engine results.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.