Malicious PDF — malware analysis report

Static analysis result for SHA-256 8698f09516752678…

MALICIOUS

PDF

Size: 32.0 KB
Created: 2020-01-17 19:20:55 +03:00
Authoring application: Apache FOP Version 1.0
MD5: ef5939ec161d921b30d87700746b2671
SHA-1: 75abe44c907dfad16506638f7520ed9f3627046a
SHA-256: 8698f095167526785b368d9d1e7c20a6423a86dacfcd20587d634c9aef279632
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to numerous PDF files on the domain 'gorillawalker.com', suggesting a link farm or SEO poisoning attempt. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific attack pattern beyond the link farm. The ML classifier also flagged the PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8447

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.