Malicious PDF — malware analysis report

Static analysis result for SHA-256 551cbff7c6fb61b1…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-11-23 21:03:24 +03:00
Authoring application: PScript5.dll Version 5.2 (via ePapyrus PSI 8.51)
MD5: 86cee0e7fc9a9d48fbe1521d16618e26
SHA-1: ace2cad91bc796b80cb3d83528c530eac22da567
SHA-256: 551cbff7c6fb61b1033ce3d2195119240b3bbee6ea2b2106334cecacad14d1fb
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF document was flagged by a machine learning classifier as malicious and contains a large number of embedded links to external PDF files. The heuristic 'PDF_SEO_LINK_FARM' indicates that the document is designed to host a mass of external links, likely for SEO manipulation or to distribute malicious content indirectly. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.