Malicious PDF — malware analysis report

Static analysis result for SHA-256 0e29a752783b451e…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2018-11-26 20:06:46 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via AFPL Ghostscript 8.51)
MD5: 407e2647ce113e754a17afcbaea6d999
SHA-1: 8296204b10821ce2294908d519d05f253039f0ff
SHA-256: 0e29a752783b451e6e72b4247a4cb11c7efffc7206ea1b6f11301bf48d13fb48
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, suggesting a link farm or SEO poisoning attempt. The ML classifier also flagged this PDF as malicious. Although no scripts were extracted, the sheer volume of links points to malicious intent to drive traffic to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8634)

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.