Malicious PDF — malware analysis report

Static analysis result for SHA-256 dff2022162588cbc…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2019-03-17 09:52:08 +03:00
Authoring application: ZonBook XSL Stylesheets with Apache FOP (via Apache FOP Version 2.1)
MD5: 030d0774f9fb5af91dc339865424b1b2
SHA-1: 805830eaacd1d82436bbce819b79b1c52a85e2e3
SHA-256: dff2022162588cbcfee6e75bc798ea51e02443730c8c6fed82981e0b987a3b5e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified it as a link farm containing 32 external PDF links, primarily hosted on www.gorillawalker.com. The document body contains numerous embedded URLs, suggesting a primary function of redirecting users to a large number of other PDF documents, likely for SEO manipulation or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.