Malicious PDF — malware analysis report

Static analysis result for SHA-256 75ec2484168c05bd…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2018-11-30 20:31:37 +03:00
Authoring application: - (via GPL Ghostscript 8.70)
MD5: cd314bc659d0bb67201ee576e2ef70b8
SHA-1: d02f9d2804c68e88af8c9e3ad722a30ad92dc2e3
SHA-256: 75ec2484168c05bd5678961e549711fa6ec509af465badf4273e6039447f69bd
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of malicious or unwanted content. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.