Malicious PDF — malware analysis report

Static analysis result for SHA-256 20754e8206a470f3…

MALICIOUS

PDF

Size: 39.6 KB
Created: 2018-11-26 20:06:37 +03:00
Authoring application: dvips(k) 5.96 Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.57)
MD5: bd6212871e0896a12f6726a43dd5519c
SHA-1: 14b48485c092ade6a9483728fbc8297b026bdf65
SHA-256: 20754e8206a470f31177b7f71badef72db645311ea050b950cfe64573d3f52f4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. The ML classifier also flagged this PDF as malicious with a high confidence score.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.