Malicious PDF — malware analysis report

Static analysis result for SHA-256 a398d0301056c209…

MALICIOUS

PDF

Size: 32.8 KB
Created: 2020-01-17 19:19:05 +03:00
Authoring application: DocBook XSL Stylesheets with Apache FOP (via Apache FOP Version 2.1)
MD5: 4da6b80bd51c74de4b66fbee60c6946a
SHA-1: be6d5bf4d87662f032621f7ebdcc63b2527ba072
SHA-256: a398d0301056c209a33014694644a2d022b315b66a0714145b8329c5fe3be44f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the creation of a link farm, directing users to numerous external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.