Malicious PDF — malware analysis report

Static analysis result for SHA-256 236e3ecd57a1a35c…

MALICIOUS

PDF

Size: 33.5 KB
Created: 2020-01-10 17:21:17 +03:00
Authoring application: dvips(k) 5.96 Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.57)
MD5: d3f4e5cee39adab7c264ec3b5db343ce
SHA-1: d21207c2eb328c6805b6635c03629db697a86144
SHA-256: 236e3ecd57a1a35c014279db63a35f1b84d72e4d72ca9e53f1d0e741e6d0fe2f
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.