Malicious PDF — malware analysis report

Static analysis result for SHA-256 7712487360ebea16…

MALICIOUS

PDF

Size: 41.9 KB
Created: 2019-03-17 08:23:09 +03:00
Authoring application: PDFCreator Version 0.9.8 (via GPL Ghostscript 8.64)
MD5: 1d846ca0e1f7096841e80c74388ec717
SHA-1: d6e3502e0e1637dcb6a57551ee7f69c4f2718977
SHA-256: 7712487360ebea1651acfa4bc25d92c865f636b7bc8c44047684020fe90c0a75
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files hosted on the same domain. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high score.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8242

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.