Malicious PDF — malware analysis report

Static analysis result for SHA-256 51ca6bdffb149b12…

MALICIOUS

PDF

Size: 41.3 KB
Created: 2019-04-07 18:02:30 +03:00
Authoring application: Apache FOP Version 1.0
MD5: a3ea750ee5efba422a1c381ef3008750
SHA-1: 9625849f11e7514eb609fc620fb023df909354b6
SHA-256: 51ca6bdffb149b12e477215c8caf583db6b912505d7cf6ab1c6c2ff1ab57d05c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged for containing a mass external link farm, with 32 links pointing to URLs hosted on www.gorillawalker.com. The ML classifier also strongly indicated maliciousness. The primary attack pattern appears to be SEO spam or a phishing lure, directing users to a large number of seemingly unrelated PDF documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.