Malicious PDF — malware analysis report

Static analysis result for SHA-256 7ceeecbc33c1f7f1…

Verdict: MALICIOUS
File type: PDF

Size: 42.7 KB
Created: 2018-12-07 18:27:35 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via AFPL Ghostscript 8.51)
MD5: ff1d7031f50155a6e803d9fedefdbaa6
SHA-1: 80ae939a861da566ebb300567fb316c39e80955b
SHA-256: 7ceeecbc33c1f7f1c465511efcc5497d43e3f4e9f72fc5122d4cc7bd381d023d
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to distribute or obscure malicious content by linking to numerous seemingly innocuous documents. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. While no specific payload is directly executed from this PDF, its function as a link farm is a common distribution method.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.