Malicious PDF — malware analysis report

Static analysis result for SHA-256 92dc8afadd77d7e0…

MALICIOUS

PDF

Size: 33.8 KB
Created: 2020-02-08 18:29:20 +03:00
Authoring application: dvips(k) 5.99 Copyright 2010 Radical Eye Software (via Acrobat Distiller 9.4.5 (Windows))
MD5: 98d647898adc42cfda1755511c999df2
SHA-1: 066d337a79d8b881083405a611828f8cd9583851
SHA-256: 92dc8afadd77d7e027763c2263ff3e2985bafc15b701360923a103b1e9f81383
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute potentially malicious content via numerous external links hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.