Malicious PDF — malware analysis report

Static analysis result for SHA-256 67cbafdf9b74c510…

MALICIOUS

PDF

Size: 46.5 KB
Created: 2019-02-14 08:13:00 +03:00
Authoring application: - (via Apache FOP Version 0.93)
MD5: 3e3acc40d5d0e0bfab39a2a02b8bbfa4
SHA-1: 8de0b7c0f13ca0c6ee5285637659c6f8c9d48b5a
SHA-256: 67cbafdf9b74c5105d458100d56bbff48f1bf4c9829ee40b71d28314fca0e2bf
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. The link-farm heuristic fired on this pattern; link farms are often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.