Malicious PDF — malware analysis report

Static analysis result for SHA-256 705e8a96ee63ae8a…

MALICIOUS

PDF

File size: 32.4 KB
Created: 2019-05-24 00:42:44 +03:00
Authoring application: ZonBook XSL Stylesheets with Apache FOP (via Apache FOP Version 2.1)
MD5: ad17fcea1b66348e97fa6a6d57116774
SHA-1: 6d823799410afe6eda710481aec29525129d0a6f
SHA-256: 705e8a96ee63ae8ae4a2d59813ee8938374c7f10331f5fd6cf85b02c2739f68c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be to direct users to a large collection of documents hosted on gorillawalker.com, potentially for SEO manipulation or to serve as a distribution point for other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.