Malicious PDF — malware analysis report

Static analysis result for SHA-256 6c59366129927467…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2020-01-17 19:19:02 +03:00
Authoring application: dvips(k) 5.993 Copyright 2013 Radical Eye Software (via GPL Ghostscript 9.14)
MD5: 98cc9557a58c009bd94d67b86273ebe5
SHA-1: dc9fd78d224f557be923315d329d2aae84a2a0d7
SHA-256: 6c5936612992746705f17e55d4f1eebd49d612e97e0925b184fa273eaf351975
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to drive traffic to a specific domain, potentially for distributing further malware or phishing content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.