Malicious PDF — malware analysis report

Static analysis result for SHA-256 09e8a0f1903321cf…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2018-12-14 20:05:48 +03:00
Authoring application: PScript5.dll Version 5.2 (via GPL Ghostscript 8.15)
MD5: 11793f09263f827b6ac82fad50882d32
SHA-1: 2489ab670c9d34de68aa1838ec0bf07c08c4fba3
SHA-256: 09e8a0f1903321cfc16e24fc09a62bd5286fe247318f595170c328334c7fe413
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample was identified as malicious by an ML classifier and exhibits a critical heuristic for a PDF link farm. It contains 32 external PDF links, all pointing to the same domain, suggesting an attempt at SEO manipulation or a distribution point for further malicious content. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of intent beyond the link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.