Malicious PDF — malware analysis report

Static analysis result for SHA-256 35883dfaf280d95e…

MALICIOUS

PDF

Size: 31.7 KB
Created: 2020-01-17 19:20:58 +03:00
Authoring application: ESP Ghostscript 815.02
MD5: a393092a898c2f0b48e9b6ac8c34e935
SHA-1: 45337837efebb2c72c9a9eb3424b7b6aee41ed00
SHA-256: 35883dfaf280d95efe62bc36ff9861714563bed2ba474e2344ff519c5173c5da
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. The ML classifier also flagged the PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8060

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.