Malicious PDF — malware analysis report

Static analysis result for SHA-256 378c466f32ae909f…

MALICIOUS

PDF

Size: 32.9 KB
Created: 2020-01-10 17:21:58 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.61)
MD5: 29ea5484206034b492d8999f9537afb5
SHA-1: bcd428bc004761f6535ee826a448ba4a6030be52
SHA-256: 378c466f32ae909f55bb52edbb9608943adc02e1d56c198006abb275dd76ccac
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be directing users to a multitude of URLs hosted on www.gorillawalker.com, likely for SEO spam or to serve further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.