Malicious PDF — malware analysis report

Static analysis result for SHA-256 463a1dd0538085fa…

Verdict: MALICIOUS
File type: PDF
Size: 43.6 KB
Created: 2018-11-23 21:03:38 +03:00
Authoring application: - (via GNU Ghostscript 6.53)
MD5: dd2602e81a2ee561d36a999d47cf1f04
SHA-1: 5ef673c603bdad92d97e235da30e11da68da82c1
SHA-256: 463a1dd0538085fa73ffe8094f9050ff1aa19d83b1751c868f078b64f8ddbaaf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.