Malicious PDF — malware analysis report

Static analysis result for SHA-256 73ce6d5534b2c0c5…

MALICIOUS

PDF

Size: 46.4 KB
Created: 2018-11-21 22:13:42 +03:00
Authoring application: PDFCreator Version 1.5.1 (via GPL Ghostscript 9.05)
MD5: 6f318a867780df27d58e6a3d5a8dab6e
SHA-1: 909fec012a637cfe0b15ef070b09531907afeb34
SHA-256: 73ce6d5534b2c0c561fdd054edd6d912dd8a81fbdf9cc40b50487ba46ddd609e
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document. The embedded URLs point to a single domain, suggesting a coordinated effort to manipulate search engine results or distribute content from a central location. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7752

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.