Malicious PDF — malware analysis report

Static analysis result for SHA-256 9c5e821a62984d88…

MALICIOUS

PDF

Size: 45.4 KB
Created: 2018-11-22 08:02:23 +03:00
Authoring application: dvips(k) 5.90a Copyright 2002 Radical Eye Software (via AFPL Ghostscript 8.53)
MD5: 29b0559c9de36fc8a7b966b3209f68d4
SHA-1: 070b5aaea4ed53004442e433bbf5b314e09a55c9
SHA-256: 9c5e821a62984d88ff6dc824b1496e8541fbb7c438aba868b5af56aebae27836
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of embedded URLs pointing to external PDF documents on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, potentially used for SEO manipulation or to distribute further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.