Malicious PDF — malware analysis report

Static analysis result for SHA-256 153d9df2771c677e…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-12-14 20:33:47 +03:00
Authoring application: PDFCreator Version 1.5.1 (via GPL Ghostscript 9.05)
MD5: bdd49c05e8c8c76747675fe17ec2bb5e
SHA-1: 8b33c72dc8441872cf91eae25c940059ca829fb4
SHA-256: 153d9df2771c677ecbc60803976a66315ecc0135f97ee9480b815bf339524ccb
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. These links point to various PDF files hosted on 'gorillawalker.com'. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be the distribution of a large number of links, potentially for SEO manipulation or to serve as a lure for further malicious downloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/the-mind-s-ear-exercises-for-improving-the-musical-imagination.pdf
    • http://www.gorillawalker.com/desde-la-ventana-enfoque-femenino-de-la-literatura-espanola-espasa.pdf
    • http://www.gorillawalker.com/from-heaven-lake-travels-through-sinkiang-and-tibet-from-heaven.pdf
    • http://www.gorillawalker.com/effective-prayer.pdf
    • http://www.gorillawalker.com/horace-satire-1-9-the-boor.pdf
    • http://www.gorillawalker.com/the-pen-and-ink-book-materials-and-techniques-for-today.pdf
    • http://www.gorillawalker.com/todo-argentina-los-100-mejores-lugares-spanish-edition.pdf
    • http://www.gorillawalker.com/pathfinder-module-the-witchwar-legacy.pdf
    • http://www.gorillawalker.com/cats-big-small-beyond-projects-the-cf-sculpture-series-book.pdf
    • http://www.gorillawalker.com/sexting-a-woman-s-guide-to-sexting-sexting-for-women.pdf
    • http://www.gorillawalker.com/alternate-generals-iii.pdf
    • http://www.gorillawalker.com/captivating-cats-counted-cross-stitch-book-63.pdf
    • http://www.gorillawalker.com/medical-terminology-online-for-medical-terminology-anatomy-for-icd-10.pdf
    • http://www.gorillawalker.com/minecraft-flash-and-bones-and-the-wild-west-frontier-the.pdf
    • http://www.gorillawalker.com/johnny-delgado-private-detective.pdf
    • http://www.gorillawalker.com/the-microcosm-within-evolution-and-extinction-in-the-hologenome.pdf
    • http://www.gorillawalker.com/richmond-swaledale-through-time-kindle-edition.pdf
    • http://www.gorillawalker.com/the-wealth-of-ideas-why-we-need-free-trade-in.pdf
    • http://www.gorillawalker.com/landscape-irrigation-design-and-management.pdf
    • http://www.gorillawalker.com/why-i-m-like-this-true-stories-p-s.pdf
    • http://www.gorillawalker.com/commentary-on-ovid-epistulae-ex-ponto-book-i-oxford-classical.pdf
    • http://www.gorillawalker.com/by-cherie-rebar-understanding-nursing-research-using-research-in-evidence.pdf
    • http://www.gorillawalker.com/neues-leben-op-278-keyboard-conductor-score-qty-2-a6612.pdf
    • http://www.gorillawalker.com/teen-cinders-kindle-edition.pdf
    • http://www.gorillawalker.com/panama-and-the-canal-in-picture-and-prose-a-complete.pdf
    • http://www.gorillawalker.com/albatros-d-x.pdf
    • http://www.gorillawalker.com/application-of-vegetation-science-to-grassland-husbandry-handbook-of-vegetation.pdf
    • http://www.gorillawalker.com/psychology-research-summaries.pdf
    • http://www.gorillawalker.com/the-most-delicious-libyan-recipes-1-top-10-step-by.pdf
    • http://www.gorillawalker.com/in-the-spirit-of-cannes-from-a-to-z.pdf
    • http://www.gorillawalker.com/ibm-and-the-holocaust-the-strategic-alliance-between-nazi-germany.pdf
    • http://www.gorillawalker.com/the-boar-of-erymanthus-the-legend-of-herakles-book-5.pdf
    • http://www.gorillawalker.com/call-me-elizabeth-wife-mother-escort.pdf
    • http://www.gorillawalker.com/against-all-tyranny-essays-on-anarchism-in-brazil-kate-sharpley.pdf
    • http://www.gorillawalker.com/frank-lloyd-wright-oak-park-studio-skylight-100-piece-puzzle.pdf
    • http://www.gorillawalker.com/liturgy-and-hymns-for-the-use-of-the-protestant-church.pdf
    • http://www.gorillawalker.com/accounting-executive-passbooks-career-examination-ser.pdf
    • http://www.gorillawalker.com/ready-to-use-human-biology-health-activities-for-grades-5.pdf
    • http://www.gorillawalker.com/jeremiah-a-commentary.pdf
    • http://www.gorillawalker.com/emory-s-gift-a-novel.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/