Malicious PDF — malware analysis report

Static analysis result for SHA-256 90632d4ebf6d03b1…

Verdict: MALICIOUS
File type: PDF
Size: 42.6 KB
Created: 2019-03-16 17:36:24 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via AFPL Ghostscript 8.51)
MD5: 6e81069d8bfa7d5e92d51d9ae9410722
SHA-1: f6281146c2404cf4b6e7728b8579eda0b682cdc1
SHA-256: 90632d4ebf6d03b157b7e7bbf343625436c793f8a4b52973b1c5e833609ec687
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links suggests a malicious intent, possibly for SEO spam or to distribute further malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.