Malicious PDF — malware analysis report

Static analysis result for SHA-256 85e8ed55366ee613…

MALICIOUS

PDF

Size: 46.2 KB
Created: 2018-12-07 18:29:45 +03:00
Authoring application: dvips(k) 5.993 Copyright 2013 Radical Eye Software (via GPL Ghostscript 9.14)
MD5: 4e4273f441b2d29d6b23da3faaa88cbc
SHA-1: b0a362dfa6599299682420ec20e4507762f806b7
SHA-256: 85e8ed55366ee6136e9d3d7867d43f38812ecfcaf32edff667cbed9021d585cf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic, and the ML classifier also flagged it as malicious. The document body is heavily obfuscated and provides no clear user-facing text; the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8600

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.