Malicious PDF — malware analysis report

Static analysis result for SHA-256 c931cb8b6e323a56…

Verdict: MALICIOUS

File type: PDF

Size: 33.3 KB
Created: 2019-12-18 16:53:29 +03:00
Authoring application: DocBook XSL Stylesheets with Apache FOP (via Apache FOP Version 2.1)
MD5: fdcbb9ae0a55571cf719515f025f5536
SHA-1: 3a971c572ab9b61899c33374c1bd25cc4b5a0208
SHA-256: c931cb8b6e323a5649fcd24d4b1623611e51d583a2eeee8cddcacc52f25f9764
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to documents on the same domain, indicative of a link farm. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be SEO manipulation or a lure to a site with a high volume of content, potentially for distributing other malware or phishing. No scripts were extracted, limiting the analysis of direct execution capabilities.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.