Malicious PDF — malware analysis report

Static analysis result for SHA-256 a244aef47f997323…

MALICIOUS

PDF

  • Size: 43.3 KB
  • Created: 2018-11-14 08:27:41 +03:00
  • Authoring application: Apache FOP Version 2.1
  • MD5: 7c214d1dc66dfcaffd5e3b507c0ed023
  • SHA-1: 8e78e3e95ca614972c34809d5836ad92d841bf44
  • SHA-256: a244aef47f997323afc259fe46f924ce71929fb74223e1e6f71ee141b7f3921a
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of external links to PDF files hosted on 'gorillawalker.com', suggesting a link farm or content distribution tactic. While no scripts were extracted, the sheer volume of outbound links points towards a non-standard, potentially malicious use of the PDF document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.