Malicious PDF — malware analysis report

Static analysis result for SHA-256 514b20b415e6b2c5…

MALICIOUS

PDF

Size: 44.5 KB
Created: 2018-12-14 20:05:32 +03:00
Authoring application: Pdf995 (via GNU Ghostscript 7.05)
MD5: 453f3283a4b80ed1b9956181e7345748
SHA-1: b0b5868b6e92efdae17a83a84e75928e74ac3262
SHA-256: 514b20b415e6b2c5a62cde6cc6dffca6bbc223343e361be79f83f6ef9b8c481c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain gorillawalker.com. The heuristic that fired, PDF_SEO_LINK_FARM, indicates a potential attempt to manipulate search engine rankings or distribute content through a link farm. The ML classifier also flagged the document as malicious. No scripts were extracted, and the document body was truncated, which limits further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.