Malicious PDF — malware analysis report

Static analysis result for SHA-256 67d27e304563bccd…

MALICIOUS

PDF

File size: 43.4 KB
Created: 2018-11-23 08:08:49 +03:00
Authoring application: dvips 5.83 (MiKTeX 1.20b) Copyright 1998 Radical Eye Software (via Acrobat Distiller 4.0 for Windows)
MD5: 6822bfc9e821b0372eb87e5117c74ae9
SHA-1: b754aac3496bc6856033f713040ae9ca87aef438
SHA-256: 67d27e304563bccd0573ebd0f93d4f1ed6e49219c3c32d5bc7674f77fbccf34a
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a large collection of documents on gorillawalker.com, potentially for SEO abuse or to serve as a distribution point for other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.