Malicious PDF — malware analysis report

Static analysis result for SHA-256 858c88171918b07e…

MALICIOUS

PDF

Size: 46.7 KB
Created: 2018-12-15 20:19:47 +03:00
Authoring application: dvips 5.83 (MiKTeX 1.20b) Copyright 1998 Radical Eye Software (via Acrobat Distiller 4.0 for Windows)
MD5: 32c1c9c692abed282c976b3d2373164c
SHA-1: ec12ba769636c6d32491fd6191ce5c9dd36e799c
SHA-256: 858c88171918b07e7feed922bb6114efead949e9c7a80b865a8b0320e5819b41
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. The primary purpose appears to be to direct users to a vast collection of other PDF documents hosted on the same domain, likely for SEO manipulation or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.