Malicious PDF — malware analysis report

Static analysis result for SHA-256 5448823bfba81c3a…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2019-04-30 12:45:09 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.61)
MD5: ee4df96b6bfb8f6178c093ba4077ff87
SHA-1: 3a41deed589dac797f7f28001e7a9570e628ad1b
SHA-256: 5448823bfba81c3accb160edd0675da3489ba3ccc7030aefc14500dbf2630bdd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. No scripts were extracted, but the sheer volume of links suggests malicious intent, possibly to distribute malware or phish users through a link farm. The dominant host for these links is www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.