Malicious PDF — malware analysis report

Static analysis result for SHA-256 121fc1daf03e89a8…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2018-12-15 08:34:52 +03:00
Authoring application: Pscript.dll Version 5.0 (via AFPL Ghostscript 8.50)
MD5: 9dca4cbaaf5aa44fc8b5b5050a9abb6b
SHA-1: 161f7790d837c918f55ee0ff717cb7d9e3af5e0c
SHA-256: 121fc1daf03e89a834a538a754658e5107aed6730d72d6f77ea63da28bae73ed
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. While no scripts were explicitly extracted, the nature of the embedded links suggests an attempt to direct users to a potentially malicious website or to manipulate search engine results.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.