Malicious PDF — malware analysis report

Static analysis result for SHA-256 79a073874c784cc3…

MALICIOUS

PDF

40.7 KB Created: 2018-11-14 08:16:34 +03:00 Authoring application: Pscript.dll Version 5.0 (via AFPL Ghostscript 8.50)
MD5: da453bdbffde7eccdf9f5cec9fafd719 SHA-1: 3977c8cce4c713c8ab15c14800e2e7552c87ba7d SHA-256: 79a073874c784cc3b521e9a8c654c7bd5f4dd4aaf74531a86c828d31a1faa467
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs likely serve as a link farm, potentially for SEO manipulation or to distribute additional malicious content, and are therefore considered the primary IOCs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/jesting-pilate-travels-through-india-burma-malaya-japan-china-and.pdf
    • http://www.gorillawalker.com/yamaha-etude-and-exercise-book-for-trumpet-the-secrets-of.pdf
    • http://www.gorillawalker.com/rosencrantz-gildenstern-are-dead.pdf
    • http://www.gorillawalker.com/2-romanian-rhapsodies-op-11-rhapsody-no-2-in-d.pdf
    • http://www.gorillawalker.com/the-moon-the-new-solar-system.pdf
    • http://www.gorillawalker.com/empire-of-liberty-a-history-of-the-early-republic-1789.pdf
    • http://www.gorillawalker.com/the-year-in-sweden.pdf
    • http://www.gorillawalker.com/the-incas-ancient-peoples-and-places.pdf
    • http://www.gorillawalker.com/bareboat-charters-lloyd-s-shipping-law-library.pdf
    • http://www.gorillawalker.com/the-son-of-the-streets-kindle-edition.pdf
    • http://www.gorillawalker.com/scar-a-revolutionary-war-tale.pdf
    • http://www.gorillawalker.com/eu-integration-with-north-africa-trade-negotiations-and-democracy-deficits.pdf
    • http://www.gorillawalker.com/52-new-testament-sermon-starters-book-four-pulpit-helps-outline.pdf
    • http://www.gorillawalker.com/the-shacklands.pdf
    • http://www.gorillawalker.com/xxl-leseprobe-henny-walden-memoiren-einer-vergessenen-soubrette-german-edition.pdf
    • http://www.gorillawalker.com/victorian-family-save-all.pdf
    • http://www.gorillawalker.com/human-subjects-research-after-the-holocaust.pdf
    • http://www.gorillawalker.com/universal-philosophy.pdf
    • http://www.gorillawalker.com/light-and-color-straightforward-science.pdf
    • http://www.gorillawalker.com/the-public-health-quality-improvement-handbook.pdf
    • http://www.gorillawalker.com/direct-detection-ladar-systems-spie-tutorial-text-vol-tt85-tutorial.pdf
    • http://www.gorillawalker.com/bicycle-touring-colombia-guide-to-cycling-the-colombian-andes-kindle.pdf
    • http://www.gorillawalker.com/mr-r-s-math-poems.pdf
    • http://www.gorillawalker.com/lucky-s-collectors-guide-to-20th-century-yo-yos-history.pdf
    • http://www.gorillawalker.com/the-piano-guys-wonders-cello-play-along-volume-1-hal.pdf
    • http://www.gorillawalker.com/the-lotus-unleashed-the-buddhist-peace-movement-in-south-vietnam.pdf
    • http://www.gorillawalker.com/federal-reserve-is-not-a-federal-agency-kindle-edition.pdf
    • http://www.gorillawalker.com/on-writing-fiction-rethinking-conventional-wisdom-about-the-craft.pdf
    • http://www.gorillawalker.com/army-doctrine-publication-adp-3-07-stability-august-2012-kindle.pdf
    • http://www.gorillawalker.com/babewatch-bay-gender-transformation-erotica.pdf
    • http://www.gorillawalker.com/astronomy-a-visual-guide-visual-guides.pdf
    • http://www.gorillawalker.com/dictionary-of-entomology-plant-pathology-an-nematology.pdf
    • http://www.gorillawalker.com/contracts-cases-discussion-problems.pdf
    • http://www.gorillawalker.com/terror-and-apocalypse-psychological-undercurrents-of-history-volume-ii.pdf
    • http://www.gorillawalker.com/an-introduction-to-tropical-agriculture.pdf
    • http://www.gorillawalker.com/educating-intuition.pdf
    • http://www.gorillawalker.com/promise-to-keep-promises-book-2.pdf
    • http://www.gorillawalker.com/american-woodys.pdf
    • http://www.gorillawalker.com/zero-sum-game-russell-s-attic-volume-1.pdf
    • http://www.gorillawalker.com/frankie-and-johnny-in-the-claire-de-lune.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.