Malicious PDF — malware analysis report

Static analysis result for SHA-256 624cf93298ec93d2…

Verdict: MALICIOUS

File type: PDF

Size: 42.1 KB
Created: 2019-04-07 18:03:32 +03:00
Authoring application: PScript5.dll Version 5.2 (via GPL Ghostscript 8.15)
MD5: 5ffb3e4bb7a2d833b0707964656de3f4
SHA-1: dcfb747f3fa9b2cfd08511d05af208ef389b6886
SHA-256: 624cf93298ec93d275c239320eade9f1f3d5fe5ec38a26200184a90ff6b7c9c4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs are likely used to manipulate search engine rankings or to serve as a distribution point for further malicious content, aligning with a spearphishing attachment attack pattern.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9027)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.