Malicious PDF — malware analysis report

Static analysis result for SHA-256 cc8d0c465574e56e…

MALICIOUS

PDF

42.0 KB
Created: 2018-12-15 20:55:01 +03:00
Authoring application: - (via Apache FOP Version 0.93)
MD5: 1a2c3973d722a76f4f9c9eefd0834702
SHA-1: a19582a06b7bb42b52aad0185c419192d86145b0
SHA-256: cc8d0c465574e56e44ce695068558d04729dd924f16a4e1fd62b3b120d737cc9
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO manipulation or to host malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.