Malicious PDF — malware analysis report

Static analysis result for SHA-256 ff75f5dd0924a11c…

MALICIOUS

PDF

  • Size: 43.4 KB
  • Created: 2019-04-11 05:48:18 +03:00
  • Authoring application: Apache FOP Version 1.0
  • MD5: c51b6db3445af7f8ebc3a9a50a558ce7
  • SHA-1: d7728c119202f84e77554e9128c87da24d2840e9
  • SHA-256: ff75f5dd0924a11c2e4eb39bdce8c5bfa02903f7cdeb785a7e1864678c282447
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of external PDF links embedded within the document, all pointing to the same domain (www.gorillawalker.com). This suggests a coordinated effort to direct users to a vast collection of linked PDFs, likely for SEO manipulation or to serve as a distribution point for further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.