Malicious PDF — malware analysis report

Static analysis result for SHA-256 d89d6bcb43eb2385…

Verdict: MALICIOUS
File type: PDF
Size: 46.0 KB
Created: 2019-03-17 06:56:45 +03:00
Authoring application: DocBook XSL Stylesheets with Apache FOP (via Apache FOP Version 2.1)
MD5: bbfccdb516125e4ea62f55203aef63e6
SHA-1: b70b30ce7520985c202449001e0b764a0c1c87dd
SHA-256: d89d6bcb43eb2385e67b5a375ec054851f7003784baab2f34b9ebacf090d3716
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated and unreadable, but the presence of numerous links to PDFs on www.gorillawalker.com suggests a link farm or content distribution tactic. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • PDF_SEO_LINK_FARM (severity: critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.