Malicious PDF — malware analysis report

Static analysis result for SHA-256 2baa01343ee0a3f9…

MALICIOUS

PDF

Size: 32.7 KB
Created: 2020-01-17 19:19:52 +03:00
Authoring application: - (via GNU Ghostscript 6.53)
MD5: 8fa5141a20db3f3287d48dd62e621500
SHA-1: bbcb815d66401003d7e3fb7618b2541e406fec7a
SHA-256: 2baa01343ee0a3f9b6df74786184b4196ec3cfa401b505ce1ddacd206e921bb8
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs, constituting a link farm. This is indicative of an SEO poisoning or traffic redirection scheme, likely intended to lead users to malicious websites or phishing pages. The ML classifier also flagged this PDF as malicious with a high score.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.