Malicious PDF — malware analysis report

Static analysis result for SHA-256 f62f74131783047c…

MALICIOUS

PDF

Size: 41.7 KB
Created: 2019-03-18 02:04:14 +03:00
Authoring application: DITA Open Toolkit (via Apache FOP Version 1.0)
MD5: 2789374ddab6817c866c6b93838b7150
SHA-1: 260712a5ccd9e4e3c37d81bc8923cd71a4c8dda8
SHA-256: f62f74131783047c943d10df672fcb9434197ba47624c482187bb25587e50e7d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with a high score. The document body, though heavily obfuscated, contains numerous URLs pointing to external PDF files, suggesting a link farm or distribution mechanism. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.