Malicious PDF — malware analysis report

Static analysis result for SHA-256 905ce1a7f8d67804…

MALICIOUS

PDF

Size: 41.4 KB
Created: 2018-11-26 20:07:07 +03:00
Authoring application: PDFCreator Version 1.5.1 (via GPL Ghostscript 9.05)
MD5: e77dd402dc299fa48b8291e7d25f7af9
SHA-1: 695527d8f9158df1220549ea3ffc458a6d4417aa
SHA-256: 905ce1a7f8d678046fce663748d3ec1205efe4212b87b17ed8ae8c38a02a7cab
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be SEO manipulation or acting as a link farm, potentially redirecting users to malicious sites or hosting further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8242

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.