Malicious PDF — malware analysis report

Static analysis result for SHA-256 a1c0a605a56fd046…

MALICIOUS

PDF

Size: 45.9 KB
Created: 2018-12-07 18:29:28 +03:00
Authoring application: Apache FOP Version 1.0
MD5: 62fe7115907d9adcbc82189e6fbaf7c4
SHA-1: bbba6672451e8406e4ddeb1a3c7bac4b92a2ffbf
SHA-256: a1c0a605a56fd046817d44e77a7cf24599acfed82ef992e68fc36abb381cf317
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded links to external PDF files, primarily hosted on 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.