Malicious PDF — malware analysis report

Static analysis result for SHA-256 b1595a276d70d212…

MALICIOUS

PDF

Size: 32.0 KB
Created: 2019-12-13 01:56:40 +03:00
Authoring application: DITA Open Toolkit (via Apache FOP Version 1.0)
MD5: 0001d4cb78d0e99994b0240451413c80
SHA-1: 6f2f263239b8cc10a4af690f598b4abecf9d6866
SHA-256: b1595a276d70d21297f578ab59bc85340ca6a3c12b63b904b51714bbd5513cda
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. These links all point to PDF files on the same domain, suggesting a link farm designed to manipulate search engine rankings or distribute content. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.