Malicious PDF — malware analysis report

Static analysis result for SHA-256 79a9b93c192f8ac0…

Verdict: MALICIOUS
File type: PDF
Size: 42.7 KB
Created: 2019-01-06 08:12:18 +03:00
Authoring application: dvips(k) 5.90a Copyright 2002 Radical Eye Software (via AFPL Ghostscript 8.53)
MD5: 9d3199c55c2e64b32af77e7ff18dd89a
SHA-1: 3cc9ca1193338116ff785e0a730d4eb63cf05f58
SHA-256: 79a9b93c192f8ac0e7ba4a12eff3585f2c650f543f7f7dc9e2dd9b450a6d3d8e
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.001 User Execution: Malicious Link

The PDF contains a large number of clickable external links, almost all pointing at a single host, which triggered the PDF_SEO_LINK_FARM heuristic; the Nyx machine-learning PDF classifier (ML_NYX_PDF_MALICIOUS) also flagged the document. Its primary purpose appears to be SEO manipulation, or to act as a landing page that routes users to numerous potentially malicious or unwanted links, rather than to deliver a payload from within the PDF itself.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/suddenly-dominatrix-my-secret-life-as-a-private-bdsm-mistress.pdf
    • http://www.gorillawalker.com/easy-keyboard-harmony-book-4-level-5-schaum-publications-easy.pdf
    • http://www.gorillawalker.com/the-1910s-from-world-war-i-to-ragtime-music-decades.pdf
    • http://www.gorillawalker.com/fodor-s-new-york-city-s-25-best-8th-edition.pdf
    • http://www.gorillawalker.com/linux-administration-a-beginner-s-guide-fifth-edition.pdf
    • http://www.gorillawalker.com/los-funerales-de-la-mam-grande-spanish-edition.pdf
    • http://www.gorillawalker.com/the-dragon-and-the-apprentice-book-one-of-the-chronicles.pdf
    • http://www.gorillawalker.com/the-kid-of-coney-island-fred-thompson-and-the-rise.pdf
    • http://www.gorillawalker.com/so-u-r-in-love-with-porn.pdf
    • http://www.gorillawalker.com/photo-poetics-an-anthology.pdf
    • http://www.gorillawalker.com/angles-et-grandeur-d-euclide-a-kamal-al-din-al.pdf
    • http://www.gorillawalker.com/neonatology-7th-edition-neonatology-gomella-kindle-edition.pdf
    • http://www.gorillawalker.com/lo-specchio-passion-italian-edition.pdf
    • http://www.gorillawalker.com/wireless-markup-language-wml-scripting-and-programming-using-wml-chtml.pdf
    • http://www.gorillawalker.com/5-step-toefl-prep-for-chinese-speakers-volume-3.pdf
    • http://www.gorillawalker.com/high-school-environmental-science-2011-workbook-grade-11.pdf
    • http://www.gorillawalker.com/richard-burton-a-life.pdf
    • http://www.gorillawalker.com/andreas-capellanus-on-love-paperduck.pdf
    • http://www.gorillawalker.com/the-way-to-the-west-essays-on-the-central-plains.pdf
    • http://www.gorillawalker.com/how-to-start-a-men-s-choir-classic-reprint.pdf
    • http://www.gorillawalker.com/the-boxcar-children-collection-volume-8-the-animal-shelter-mystery.pdf
    • http://www.gorillawalker.com/laboratory-manual-in-physical-geology-plus-masteringgeology-with-etext-access.pdf
    • http://www.gorillawalker.com/aviation-maintenance-technician-series-airframe-volume-1-structures-textbook-hard.pdf
    • http://www.gorillawalker.com/transvestism-masculinity-and-latin-american-literature-genders-share-flesh.pdf
    • http://www.gorillawalker.com/hermann-zapf-and-his-design-philosophy.pdf
    • http://www.gorillawalker.com/alimentacion-alcalina-spanish-edition.pdf
    • http://www.gorillawalker.com/150-ecg-problems-4e.pdf
    • http://www.gorillawalker.com/rainforest-home-remedies-the-maya-way-to-heal-your-body.pdf
    • http://www.gorillawalker.com/how-to-buy-your-perfect-wedding-dress.pdf
    • http://www.gorillawalker.com/introduction-to-feedback-control.pdf
    • http://www.gorillawalker.com/mozart-s-magnificent-voyage-with-cd-audio-classical-kids.pdf
    • http://www.gorillawalker.com/demon-possession-papers-presented-at-the-university-of-notre-dame.pdf
    • http://www.gorillawalker.com/the-moorchild.pdf
    • http://www.gorillawalker.com/old-chinese-a-new-reconstruction.pdf
    • http://www.gorillawalker.com/the-new-mcdougall-cookbook.pdf
    • http://www.gorillawalker.com/badwater-self-guiding-auto-tour.pdf
    • http://www.gorillawalker.com/multi-grade-readers-theatre-picture-book-authors-and-illustrators.pdf
    • http://www.gorillawalker.com/king-pin-wifeys-vol-1-series-1-4-kingpin-wifeys.pdf
    • http://www.gorillawalker.com/workouts-and-turnarounds-the-handbook-of-restructuring-and-investing-in.pdf
    • http://www.gorillawalker.com/solutions-manual-for-introduction-to-optical-fiber-communications-systems-solutions.pdf
    • http://www.gorillawalker.com/so-u-r-in-l
    The remaining URIs are XMP/RDF namespace identifiers taken from the document's metadata packet (standard for PDF/A output); they are not clickable link annotations and carry no weight in the link-farm verdict:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
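The two heuristics above describe what a link-farm check has to do: pull the URIs that a user can actually click (/Link annotations with a /URI action), keep them separate from URIs that merely appear in XMP metadata, and then measure how many there are and how tightly they cluster on one host. The script below is an added example of that triage, not the analysis platform's own detection code. It builds its own uncompressed sample PDFs inline (constructed test data, not the analysed file; the hostnames example-farm.test and example.org are placeholders) and the thresholds in link_farm_score (document under 200 KB, at least 20 links, at least 80% on one host) are illustrative assumptions, not the values behind PDF_SEO_LINK_FARM.

```python
"""Link-farm triage for a PDF: separate clickable /URI link annotations from
XMP namespace URIs, then score host clustering.  Added example with
assumed thresholds; not the report platform's detection logic."""
import re
from collections import Counter
from urllib.parse import urlparse

# /A << /S /URI /URI (http://...) >> : a clickable link action in an annotation.
# The group allows backslash escapes but stops at the first unescaped ')'.
URI_ACTION = re.compile(rb"/S\s*/URI\s*/URI\s*\(((?:\\.|[^\\)])*)\)")
# xmlns:prefix="..." inside an XMP packet: metadata namespace, not a link.
XMLNS = re.compile(rb'xmlns:[A-Za-z0-9_.-]+="([^"]+)"')


def build_sample_pdf(urls):
    """Construct a minimal, uncompressed PDF with one /Link annotation per URL
    plus an XMP metadata stream.  Constructed test data, not the analysed sample."""
    objs = [b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 3 0 R >> endobj",
            b"2 0 obj << /Type /Pages /Kids [4 0 R] /Count 1 >> endobj"]
    xmp = (b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           b'xmlns:dc="http://purl.org/dc/elements/1.1/"></rdf:RDF>')
    objs.append(b"3 0 obj << /Type /Metadata /Subtype /XML /Length %d >>\n"
                b"stream\n%s\nendstream\nendobj" % (len(xmp), xmp))
    refs = []
    for num, url in enumerate(urls, start=5):
        objs.append(b"%d 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                    b"/A << /S /URI /URI (%s) >> >> endobj" % (num, url.encode()))
        refs.append(b"%d 0 R" % num)
    objs.append(b"4 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
                b"/Annots [%s] >> endobj" % b" ".join(refs))
    return b"%PDF-1.4\n" + b"\n".join(objs) + b"\ntrailer << /Root 1 0 R >>\n%%EOF\n"


def extract_link_uris(pdf_bytes):
    """URIs a reader can click: /Link annotations carrying a /URI action.
    Scans uncompressed objects only; for real samples, decompress object
    streams first (e.g. with pikepdf) and run this over the result."""
    return [m.group(1).decode("latin-1") for m in URI_ACTION.finditer(pdf_bytes)]


def extract_xmp_namespaces(pdf_bytes):
    """URIs that are only XMP/RDF namespace identifiers: metadata, not links."""
    return sorted({m.group(1).decode("latin-1") for m in XMLNS.finditer(pdf_bytes)})


def link_farm_score(link_uris, size_bytes, max_size=200_000, min_links=20, host_share=0.8):
    """Flag a small PDF whose clickable links mostly point at one host.
    Thresholds are illustrative assumptions, not the vendor's."""
    hosts = Counter(urlparse(u).netloc.lower() for u in link_uris)
    total = sum(hosts.values())
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / total if total else 0.0
    return {
        "links": total,
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "flagged": size_bytes <= max_size and total >= min_links and share >= host_share,
    }


def triage(pdf_bytes):
    """Per-channel URI extraction plus the link-farm score for one PDF."""
    links = extract_link_uris(pdf_bytes)
    return {"link_uris": links,
            "xmp_namespaces": extract_xmp_namespaces(pdf_bytes),
            "score": link_farm_score(links, len(pdf_bytes))}


# Constructed samples: a link-farm carrier (24 links on one host plus one
# stray link) and a normal citation pattern (five links, five hosts).
FARM_SAMPLE = build_sample_pdf(
    [f"http://www.example-farm.test/title-{i}.pdf" for i in range(24)]
    + ["https://docs.example.org/reference.html"])
CITATION_SAMPLE = build_sample_pdf(
    [f"https://host{i}.example.org/paper.pdf" for i in range(5)])

if __name__ == "__main__":
    for name, pdf in (("farm", FARM_SAMPLE), ("citations", CITATION_SAMPLE)):
        result = triage(pdf)
        print(name, result["score"], "xmp namespaces:", result["xmp_namespaces"])
```

The regex pass is deliberately channel-aware: only URIs reached through a /Link annotation count toward the host-clustering score, while the xmlns URIs that a naive "strings"-style extraction would also pick up are reported separately, which is why the nine aiim.org, adobe.com, purl.org and w3.org entries in this report do not inflate the verdict. On a real sample, run the extraction after decompressing object streams, since link-farm generators often compress everything into FlateDecode streams.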