Malicious PDF — malware analysis report

Static analysis result for SHA-256 a2f5bc62fcc9f7c5…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2019-03-17 10:24:25 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via AFPL Ghostscript 8.51)
MD5: 7cb1350bc555075b03bde520817e8e9b
SHA-1: 9942593fba59a6db1ed5c62dce48ca6bbd301ff8
SHA-256: a2f5bc62fcc9f7c52e4592ce336431d54b93a5b5ade7245762c38ab608aed795
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. These links point to various PDF documents on the domain 'gorillawalker.com'. The sheer volume of these links suggests a coordinated effort, likely for SEO manipulation or to serve as a distribution point for further malicious content, rather than legitimate document content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.