Malicious PDF — malware analysis report

Static analysis result for SHA-256 a211795d854eb044…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2018-11-15 02:40:17 +03:00
Authoring application: ESP Ghostscript 815.02
MD5: 3459435815a9600119e5e8ba612ff062
SHA-1: ecc6365d3b556d7aa2cdad710ddcc1d2ed12eee8
SHA-256: a211795d854eb044533d4ba08fbf4bd8e27e7e1d09e49b44844c3f2b22903c8c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or redirection attack designed to drive traffic to a specific set of sites. No scripts were extracted from this sample, and the document body was unreadable. The ML classifier also flagged the PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.