Malicious PDF — malware analysis report

Static analysis result for SHA-256 4b4f80703fb13e57…

MALICIOUS

PDF

Size: 33.7 KB
Created: 2020-01-17 19:19:46 +03:00
Authoring application: dvips(k) 5.96 Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.57)
MD5: fc9949dc250390a13c98654a3269bf18
SHA-1: 45a2f2bdc9660a84237a03ca7a275837b6da3d25
SHA-256: 4b4f80703fb13e57a166277dad51223e135301354e2b458d0e95b6a7581d91ff
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain www.gorillawalker.com. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.