Malicious PDF — malware analysis report

Static analysis result for SHA-256 67a37da48dc7f2d8…

MALICIOUS

PDF

Size: 33.1 KB
Created: 2019-05-24 00:42:41 +03:00
Authoring application: - (via Apache FOP Version 0.93)
MD5: 41fed455c2d9dc6e4d755f3d0d254c04
SHA-1: 857a035dee84baebc987ff36e5f6bce6bb3d6575
SHA-256: 67a37da48dc7f2d852fb9788f99d069fc45126b1e8d868e63ef48cb2d82f8962
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the same domain, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. This suggests the primary purpose is to manipulate search engine rankings or to act as a gateway to distribute other malicious content. No scripts were extracted, and the document body was unreadable, limiting further analysis of intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.