Malicious PDF — malware analysis report

Static analysis result for SHA-256 4baa6d4600fdd2d5…

Verdict: MALICIOUS

File type: PDF

Size: 40.9 KB
Created: 2019-04-04 14:54:50 +03:00
Authoring application: dvips(k) 5.96 Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.57)
MD5: c4c74bf68ae4690231ebb2c76b519b0e
SHA-1: a9cce83675ba27f84a4ebf8fdf7408260da0604d
SHA-256: 4baa6d4600fdd2d5810cfca981ab9ea9df9b41296c2e5b6800df245c7edc32ea
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF was flagged for containing a large number of external links, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links to other PDFs on the same domain suggests a coordinated effort to host or redirect to malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.