Malicious PDF — malware analysis report

Static analysis result for SHA-256 8da805a193a5c2f2…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2019-03-17 06:59:34 +03:00
Authoring application: GPL Ghostscript 8.64 (via Adobe PDF Library 8.0)
MD5: a14842bb19a2ebc16c3cead7c1117d66
SHA-1: e17ccffc2c717d8ad30d07cc8c67e8c413aa7614
SHA-256: 8da805a193a5c2f2825a50fdf4e87493ec910d31f6f10cf93dff00d00d3a8dea
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment   T1204.001 User Execution: Malicious Link

The PDF contains a large number of clickable external links (URI link annotations), which triggered the PDF_SEO_LINK_FARM heuristic. Every one of these links points to a .pdf path on a single host, www.gorillawalker.com, and the paths are machine-generated book-title slugs rather than citations of documents a reader would actually need. The ML classifier (Nyx PDF Classifier, score 0.8469) independently flagged the file as malicious. The primary attack pattern is a link farm: a small carrier document whose sole purpose is to route users to a large number of external resources on one host, either for SEO manipulation or as the first hop of a malicious or unwanted-software delivery chain. Because this is a static result, the linked PDFs were not fetched; what is served at the far end cannot be determined from this report alone.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL channel labels (macro, JS, link annotation, document body, ...) identify how each URL was reached, but no such labels are shown in this listing. The www.gorillawalker.com entries below are the clickable link-annotation targets counted by the PDF_SEO_LINK_FARM heuristic. The trailing w3.org, purl.org, ns.adobe.com and aiim.org entries are XMP/RDF schema namespace URIs from the document's metadata packet (Dublin Core, XMP, PDF/A identification), not links a user can click; they appear in almost every PDF produced by a modern toolchain and carry no weight in the verdict.
    • http://www.gorillawalker.com/ren-e-green-ongoing-becomings1989-2009.pdf
    • http://www.gorillawalker.com/unbreakable-the-seven-pillars-of-a-kingdom-family.pdf
    • http://www.gorillawalker.com/melt-rheology-and-its-role-in-plastics-processing-theory-and.pdf
    • http://www.gorillawalker.com/implementing-cisco-ios-network-security-iins-640-554-foundation-learning.pdf
    • http://www.gorillawalker.com/building-literacy-in-secondary-content-area-classrooms.pdf
    • http://www.gorillawalker.com/liberal-directions-basil-dearden-and-postwar-british-film-culture.pdf
    • http://www.gorillawalker.com/enough-already-a-guide-to-recovery-from-alcohol-and-drug.pdf
    • http://www.gorillawalker.com/britannia-eagles-of-the-empire-14.pdf
    • http://www.gorillawalker.com/drills-exercises-for-pool-and-pocket-billiard-table-layouts-to.pdf
    • http://www.gorillawalker.com/god-cares-a-colouring-book-bible-art.pdf
    • http://www.gorillawalker.com/liang-and-lin-partners-in-exploring-china-s-architectural-past.pdf
    • http://www.gorillawalker.com/the-official-patient-s-sourcebook-on-dracunculiasis-a-revised-and.pdf
    • http://www.gorillawalker.com/the-aa-explorer-guide-to-ireland.pdf
    • http://www.gorillawalker.com/spy-satellites-the-library-of-satellites.pdf
    • http://www.gorillawalker.com/annual-editions-aging-12-13.pdf
    • http://www.gorillawalker.com/book-review-the-book-thief-unofficial-kindle-edition.pdf
    • http://www.gorillawalker.com/loving-evangeline.pdf
    • http://www.gorillawalker.com/riders-down-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/the-dalai-lama-and-the-emperor-of-china-a-political.pdf
    • http://www.gorillawalker.com/gestalt-therapy-verbatim-an-action-approach-to-deepening-awareness-and.pdf
    • http://www.gorillawalker.com/modern-worship-hymns.pdf
    • http://www.gorillawalker.com/inspirational-hymns-for-flute-book-cd.pdf
    • http://www.gorillawalker.com/cave-and-cosmos-shamanic-encounters-with-another-reality.pdf
    • http://www.gorillawalker.com/human-papillomavirus-a-practical-guide-for-urologists.pdf
    • http://www.gorillawalker.com/super-delicious-mediterranean-one-dish-recipes-latest-collection-top-30.pdf
    • http://www.gorillawalker.com/the-return-of-alexis-urban-vampire-volume-3.pdf
    • http://www.gorillawalker.com/easyfinder-norfolk-rand-mcnally-easyfinder.pdf
    • http://www.gorillawalker.com/the-circle-cast-the-lost-years-of-morgan-le-fay.pdf
    • http://www.gorillawalker.com/cracking-the-programming-interview-2000-java-questions-answers-concepts-problems.pdf
    • http://www.gorillawalker.com/bridge-club-player-s-quiz-book.pdf
    • http://www.gorillawalker.com/reiki-ii-spanish-edition.pdf
    • http://www.gorillawalker.com/best-customers-demographics-of-consumer-demand-10th-edition.pdf
    • http://www.gorillawalker.com/tsunami-kolowalu-book.pdf
    • http://www.gorillawalker.com/david-busch-s-guide-to-canon-flash-photography-david-busch.pdf
    • http://www.gorillawalker.com/the-bambino-and-me.pdf
    • http://www.gorillawalker.com/epic-escape.pdf
    • http://www.gorillawalker.com/foo-fighters-essential-interviews-1995-1997.pdf
    • http://www.gorillawalker.com/the-man-who-saved-sea-turtles-archie-carr-and-the.pdf
    • http://www.gorillawalker.com/thandor-gay-barbarian-fantasy-captured-by-the-hannoth-barbarians.pdf
    • http://www.gorillawalker.com/katy-duck-makes-a-friend-ready-to-reads.pdf
    • http://www.gorillawalker.com/liberal-directions-basil-dea
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
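The two heuristics above describe what the scanner measured but not how. The script below, added here as an illustration and not the vendor's code, reproduces the PDF_SEO_LINK_FARM test over raw PDF bytes and, as the EMBEDDED_URL note asks for, separates URLs by channel: `/URI` link-annotation targets versus `xmlns` namespace URIs inside the XMP metadata packet. It also tentatively inflates every stream so that annotation dictionaries stored in FlateDecode streams, including compressed object streams (`/Type /ObjStm`), are scanned as well. The thresholds (200 KB, 10 links, 80% on one host), the `books.example.net` / `example.org` URLs and the `build_sample_pdf` helper are assumptions made for this example; the report does not state the vendor's cut-offs.

```python
import re
import zlib
from collections import Counter
from urllib.parse import urlparse

# Assumed thresholds for this example; the report does not publish the vendor's own.
MAX_SMALL_SIZE = 200 * 1024   # "small" PDF: at most 200 KB
MIN_EXTERNAL_LINKS = 10       # "many" clickable external links
MIN_TOP_HOST_SHARE = 0.8      # "mostly clustered on one host"

# /URI (literal string) of a link action. The hex-string form (<...>) is not handled here.
URI_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)", re.S)
# xmlns declarations inside an XMP packet: schema namespace URIs, not clickable links.
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_]+\s*=\s*"([^"]+)"')
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def _unescape(s):
    # Minimal PDF literal-string unescaping of \( \) \\ ; octal escapes are left alone.
    return re.sub(rb"\\([()\\])", rb"\1", s)


def _inflate(raw):
    # decompressobj tolerates the trailing EOL before "endstream" (it lands in unused_data).
    d = zlib.decompressobj()
    return d.decompress(raw) + d.flush()


def extract_channels(data):
    """Split extracted URLs by channel: (link-annotation URIs, XMP namespace URIs)."""
    corpus = [data]
    for m in STREAM_RE.finditer(data):
        try:
            corpus.append(_inflate(m.group(1)))   # exposes objects held in FlateDecode/ObjStm streams
        except zlib.error:
            pass                                  # not a zlib stream, or damaged: skip it
    blob = b"\n".join(corpus)
    link_uris = [_unescape(m.group(1)).decode("latin-1") for m in URI_RE.finditer(blob)]
    xmp_ns = sorted({m.group(1).decode("latin-1") for m in XMLNS_RE.finditer(blob)})
    return link_uris, xmp_ns


def link_farm_verdict(data):
    """Apply the PDF_SEO_LINK_FARM-style test to raw PDF bytes and return the evidence."""
    link_uris, xmp_ns = extract_channels(data)
    hosts = Counter(urlparse(u).netloc.lower()
                    for u in link_uris if u.lower().startswith(("http://", "https://")))
    external = sum(hosts.values())
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / external if external else 0.0
    flagged = (len(data) <= MAX_SMALL_SIZE and external >= MIN_EXTERNAL_LINKS
               and share >= MIN_TOP_HOST_SHARE)
    return {"size": len(data), "external_links": external, "top_host": top_host,
            "top_host_share": round(share, 3), "link_uris": link_uris,
            "xmp_namespaces": xmp_ns, "PDF_SEO_LINK_FARM": flagged}


def build_sample_pdf(urls):
    """Constructed test input (not the report's sample): a one-page PDF with one /Link
    annotation per URL and a FlateDecode-compressed XMP metadata packet."""
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/">'
           b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
           b'<rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/"/>'
           b'</rdf:RDF></x:xmpmeta>')
    zxmp = zlib.compress(xmp)
    annots = " ".join(f"{5 + i} 0 R" for i in range(len(urls))).encode()
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [" + annots + b"] >>",
        b"<< /Type /Metadata /Subtype /XML /Filter /FlateDecode /Length %d >>\nstream\n%s\nendstream"
        % (len(zxmp), zxmp),
    ]
    for u in urls:
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] /Border [0 0 0] "
                    b"/A << /S /URI /URI (" + u.encode() + b") >> >>")
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for n, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (n, body)
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % o for o in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref)
    return bytes(out)


# Constructed inputs: a farm of 24 links to one host plus one stray, and a benign citing document.
FARM_URLS = [f"http://books.example.net/title-{i}.pdf" for i in range(24)] + \
            ["http://other.example.org/x.pdf"]
BENIGN_URLS = ["https://a.example.org/p.pdf", "https://b.example.org/q.pdf",
               "https://c.example.org/r.pdf"]

if __name__ == "__main__":
    for name, urls in (("farm", FARM_URLS), ("benign", BENIGN_URLS)):
        v = link_farm_verdict(build_sample_pdf(urls))
        print(name, v["PDF_SEO_LINK_FARM"], v["external_links"], v["top_host"],
              v["top_host_share"], v["xmp_namespaces"])
```

The regex approach is deliberately tolerant of malformed files, which is what you want at triage: a sample that a strict parser rejects still gets its URIs counted. Its weakness is the other direction: `/URI` strings written as hex, or split across an incremental update that overrides an earlier object, are missed or double-counted, so for a final verdict confirm the link set with a real parser (pikepdf or pdfminer) that walks the page tree and `/Annots` arrays.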