Malicious PDF — malware analysis report

Static analysis result for SHA-256 6b8c27a67522d8c1…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2019-03-17 04:18:07 +03:00
Authoring application: Apache FOP Version 1.0
MD5: 9f25bbc4f938f1da762cc4618c83abd0
SHA-1: ccf642a8315b6f2742f8c589cdd4515f1f4ef3f4
SHA-256: 6b8c27a67522d8c1476bd26eb13162b76c9c35332f1d26e981a7b861e12c9834
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.