Malicious PDF — malware analysis report

Static analysis result for SHA-256 9ad4134b546690d9…

MALICIOUS

PDF

  • Size: 42.2 KB
  • Created: 2018-11-23 21:03:16 +03:00
  • Authoring application: Pdf995 (via GNU Ghostscript 7.05)
  • MD5: 0eedec44e56c055150b52731e43c239f
  • SHA-1: 0c39f195cefd7519b90a785112cd46ffaddd7903
  • SHA-256: 9ad4134b546690d9cdd8d4bc705bcfba2fbcf3a90a4394548042cd63ad3c71e5
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to direct users to potentially malicious content hosted on the gorillawalker.com domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.