Malicious PDF — malware analysis report

Static analysis result for SHA-256 1bbb8e4e36960ff7…

MALICIOUS

PDF

Size: 34.5 KB
Created: 2020-01-10 17:21:04 +03:00
Authoring application: PDFCreator Version 1.5.1 (via GPL Ghostscript 9.05)
MD5: 6076e3034dcc0b20a155414a6ead04d7
SHA-1: 349e7d706f3f6b3b5934984bcf42ec900ad98908
SHA-256: 1bbb8e4e36960ff73dec34ce6edc2e483392b8d1aba706a2252dedede909adb5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be the distribution of a large number of links, likely for SEO manipulation or to serve as a distribution point for other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8315

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.