Malicious PDF — malware analysis report

Static analysis result for SHA-256 48a66adaea95a8b7…

MALICIOUS

PDF

Size: 41.4 KB
Created: 2018-11-14 08:20:50 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via AFPL Ghostscript 8.51)
MD5: ecc36c56d4b713dd1fbcf6181e077212
SHA-1: 99f99e02ead176561364ce00fb76ef71fa40bbfb
SHA-256: 48a66adaea95a8b74e589922623412506120a6947597bebca47a4fb9a1c22181
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains a large number of embedded links to external PDF files hosted on www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine the exact user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.