Malicious PDF — malware analysis report

Static analysis result for SHA-256 46b5e3d7f1f79e24…

MALICIOUS

PDF

Size: 41.9 KB
Created: 2019-02-13 20:36:47 +03:00
Authoring application: dvips(k) 5.993 Copyright 2013 Radical Eye Software (via GPL Ghostscript 9.07)
MD5: f372e41e73138d8826be67d7fe287e0a
SHA-1: 0a78b614239a59a87b7831b6dedaf78d62230e08
SHA-256: 46b5e3d7f1f79e24d9ae25fedc4f5bba1c29f8f301d69fc5c12c5ddb08233e89
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to PDF files on the domain www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a high volume of potentially malicious documents. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.