Malicious PDF — malware analysis report

Static analysis result for SHA-256 87d2a897740b7131…

MALICIOUS

PDF

41.9 KB
Created: 2019-03-17 08:18:01 +03:00
Authoring application: dvips(k) 5.993 Copyright 2013 Radical Eye Software (via GPL Ghostscript 9.07)
MD5: b5a0f6dbd41dcad3104481fd38cd94d0
SHA-1: 9984f826ee0816a05db247ea66f743192ae53c1e
SHA-256: 87d2a897740b71310a4e0166d5fb3ccc46d5d9b15d946b16ebe36f02f714db3a
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, suggesting a link farm or a deceptive lure. The ML classifier also flagged this PDF as malicious. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine the exact user-facing pretext.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.