Malicious PDF — malware analysis report

Static analysis result for SHA-256 6f23658d6e718b69…

MALICIOUS

PDF

Size: 44.5 KB
Created: 2019-02-13 20:17:32 +03:00
Authoring application: - (via Apache FOP Version 0.93)
MD5: ff553f581e2dd69bdcd02bc2f04440f2
SHA-1: 01d3c8828ae5eebc1ac2c1664d543e0137b2284a
SHA-256: 6f23658d6e718b694f7dd26ce17b6ccb40536a4080adfb642c9ea050d23a5308
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malware. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7914

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.