Malicious PDF — malware analysis report

Static analysis result for SHA-256 1ced88c72ef4db02…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-11-30 01:49:06 +03:00
Authoring application: dvips(k) 5.99 Copyright 2010 Radical Eye Software (via Acrobat Distiller 9.4.5 (Windows))
MD5: 11524fc4bd714e086419d33f22220baa
SHA-1: 414574997756815b3396661e1a513997e8012a6c
SHA-256: 1ced88c72ef4db0278a7854c6adb07cb8fefb8fa57a49d62fc11e6f926d56329
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF file contains a large number of embedded links to external PDF documents, a technique often used for SEO manipulation or to distribute malicious payloads. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a vast collection of links hosted on 'gorillawalker.com'. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.