Malicious PDF — malware analysis report

Static analysis result for SHA-256 9971e9af0a33b934…

MALICIOUS

PDF

  • Size: 42.8 KB
  • Created: 2019-03-17 07:48:15 +03:00
  • Authoring application: ZonBook XSL Stylesheets with Apache FOP (via Apache FOP Version 2.1)
  • MD5: 3c451d5b6b316530e9f81cda6073d599
  • SHA-1: 3370193f2ed84f622886568778e428bae4d714e9
  • SHA-256: 9971e9af0a33b934fe75df042812ebc3cd8656d53012cdc22dc37b4e58a8c034
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content indirectly. The 'PDF_SEO_LINK_FARM' heuristic specifically identifies this behavior. While no scripts were extracted, the sheer volume of links suggests malicious intent to drive traffic or potentially host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.