Malicious PDF — malware analysis report

Static analysis result for SHA-256 e2dd863c983f25bf…

MALICIOUS

PDF

File size: 45.4 KB
Created: 2018-11-30 20:33:46 +03:00
Authoring application: DocBook XSL Stylesheets with Apache FOP (via Apache FOP Version 2.1)
MD5: 8a7779b4ee3a93c7cceff7a876e4bc74
SHA-1: 8bbe07d7bb1cd8070d891db6792779f553cb4b9e
SHA-256: e2dd863c983f25bfaef9d38e79324fd7b961f1f97effb3bef9aad8a990b6981d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO spam or link farm attack. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a coordinated effort to distribute content or manipulate search results. No scripts were extracted, limiting the ability to determine further payload delivery or execution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.