Malicious PDF — malware analysis report

Static analysis result for SHA-256 0c8e728dc97ec373…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2018-11-26 08:33:50 +03:00
Authoring application: PScript5.dll Version 5.2 (via GPL Ghostscript 8.15)
MD5: 81470e1531340f79657bda1267269b92
SHA-1: f8f32e2295821b83884129d1e739f320e51bde3f
SHA-256: 0c8e728dc97ec373891954667606d0ed1d4fbf70fe677d780377e33bf9e26b4a
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the creation of a link farm designed to direct users to a large volume of content hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.