Malicious PDF — malware analysis report

Static analysis result for SHA-256 3fdc1ab6c08dd1f2…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2018-11-15 18:31:48 +03:00
Authoring application: ESP Ghostscript 815.02
First seen: 2019-01-12
MD5: 166db28c2f20d38adc2a6b555dc6469b
SHA-1: 8c1b289c64acf4d5b90e83011e6a650daa3e3f77
SHA-256: 3fdc1ab6c08dd1f23e3cc4bb6af36af755b7e3a597cae2c54115544235cb0af5
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The ML classifier strongly indicates this PDF is malicious. It contains an embedded URI pointing to an external PDF file, suggesting a social engineering lure to download further malicious content. The document body is heavily obfuscated and does not provide clear textual clues, but the presence of the external URI is a high-confidence indicator of malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.