Malicious PDF — malware analysis report

Static analysis result for SHA-256 92503b61bbf6eff4…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2019-03-17 06:41:29 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 11.0 (Windows))
MD5: 057e2bc8301d6302966d399679bd0ed3
SHA-1: d16d4579b0bb0e51966c1820fc366e93bb524a6e
SHA-256: 92503b61bbf6eff45a850d0ff41c0f7ad330e06b05b710101ad9713b4dafb172
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, all hosted on the domain www.gorillawalker.com. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.