Malicious PDF — malware analysis report

Static analysis result for SHA-256 5d9ac869a1c11446…

MALICIOUS

PDF

Size: 31.4 KB
Created: 2020-01-16 21:12:04 +03:00
Authoring application: DITA Open Toolkit (via Apache FOP Version 1.0)
MD5: ce610e79429fc3a4feba3911e7adc3ce
SHA-1: ef730ec20700d0037b16f6167d39db121d22326f
SHA-256: 5d9ac869a1c11446b38422d002f7055f585737b7660c58ee94bd30fa18d4fcee
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content indirectly. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.