Malicious PDF — malware analysis report

Static analysis result for SHA-256 f0491c5847013a97…

Verdict: MALICIOUS
File type: PDF
Size: 43.6 KB
Created: 2018-11-14 11:21:30 +03:00
Authoring application: DITA Open Toolkit (via Apache FOP Version 1.0)
MD5: 56a77ddc6cdb1957bbe7107a8442da37
SHA-1: ccd347eb694abab52b7a9c9c77ec1513eb6226b8
SHA-256: f0491c5847013a97fc7a35a792dc9d2b226067f5e2bf8b0b70e34859700c533b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The document body appears to be malformed or heavily obfuscated, preventing a clear understanding of its direct user-facing purpose beyond the link farm. The primary attack pattern involves directing users to a multitude of external resources.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/head-and-neuroanatomy-thieme-atlas-of-anatomy-by-michael-schuenke.pdf
    • http://www.gorillawalker.com/cool-snowboarders-x-moves.pdf
    • http://www.gorillawalker.com/adult-entertainment-lesbians-group-sex-hot-threesome-sexy-lesbian-menage.pdf
    • http://www.gorillawalker.com/industrial-design-materials-and-manufacturing-guide.pdf
    • http://www.gorillawalker.com/putin-s-opponents-russia-s-opposition-in-danger.pdf
    • http://www.gorillawalker.com/elementary-illustrations-of-the-differential-and-integral-calculus.pdf
    • http://www.gorillawalker.com/new-adventures-of-sherlock-holmes-the-speckled-band-and-the.pdf
    • http://www.gorillawalker.com/don-t-know-why-norah-jones-piano-vocal-guitar-sheet.pdf
    • http://www.gorillawalker.com/interplay-between-consciousness-and-concepts.pdf
    • http://www.gorillawalker.com/burke-s-royal-families-of-the-world-europe-and-latin.pdf
    • http://www.gorillawalker.com/net-web-services-architecture-and-implementation.pdf
    • http://www.gorillawalker.com/acne-cure-the-most-effective-strategies-to-get-rid-of.pdf
    • http://www.gorillawalker.com/ain-t-no-bull-the-veil-4-siren-publishing-classic.pdf
    • http://www.gorillawalker.com/international-law-reports-volume-4.pdf
    • http://www.gorillawalker.com/an-introduction-to-theology-in-global-perspective.pdf
    • http://www.gorillawalker.com/our-zimbabwe-an-element-of-political-economy.pdf
    • http://www.gorillawalker.com/bridging-the-generation-gap.pdf
    • http://www.gorillawalker.com/not-quite-a-husband-kindle-edition.pdf
    • http://www.gorillawalker.com/women-and-autoimmune-disease-the-mysterious-ways-your-body-betrays.pdf
    • http://www.gorillawalker.com/abraham-lincoln-early-speeches-springfield-speech-cooper-union-speech-inaugural.pdf
    • http://www.gorillawalker.com/jane-eyre-easyread-super-large-20pt-edition-vol-3-of.pdf
    • http://www.gorillawalker.com/christian-courtship-in-an-oversexed-world-a-guide-for-catholics.pdf
    • http://www.gorillawalker.com/voices-for-good-friday-worship-services-with-dramatic-monologues-based.pdf
    • http://www.gorillawalker.com/classic-british-cars-the-history-of-ten-legendary-car-companies.pdf
    • http://www.gorillawalker.com/penguins-los-pinguinos-los-pinguinos-animals-i-see-at-the.pdf
    • http://www.gorillawalker.com/a-is-for-bdsm-checklist-book-1.pdf
    • http://www.gorillawalker.com/differential-equations-with-applications-and-historical-notes-2nd-edition-international.pdf
    • http://www.gorillawalker.com/curious-complete-series.pdf
    • http://www.gorillawalker.com/college-algebra-concepts-through-functions-3rd-edition.pdf
    • http://www.gorillawalker.com/john-heliker-drawing-the-new-deal.pdf
    • http://www.gorillawalker.com/brittany-bretagne-1.pdf
    • http://www.gorillawalker.com/down-and-dirty.pdf
    • http://www.gorillawalker.com/the-bickford-mandolin-method.pdf
    • http://www.gorillawalker.com/by-jonathan-feist-essential-songwriter-craft-great-songs-become-a.pdf
    • http://www.gorillawalker.com/mastery-of-the-french-horn-technique-and-musical-expression.pdf
    • http://www.gorillawalker.com/bienvenue-french-1b-glencoe-french.pdf
    • http://www.gorillawalker.com/1992-directory-of-political-periodicals-a-guide-to-newsletters-journals.pdf
    • http://www.gorillawalker.com/the-solution-to-social-anxiety-break-free-from-the-shyness.pdf
    • http://www.gorillawalker.com/via-dolorosa-and-when-shall-we-live-paperback.pdf
    • http://www.gorillawalker.com/the-new-science-of-ageing-new-dynamics-of-ageing.pdf
    • http://www.gorillawalker.com/new-adventures-of-sherlock-holmes-the-speckled
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/