Malicious PDF — malware analysis report

Static analysis result for SHA-256 a49c32618a0d60a5…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2018-11-14 11:20:32 +03:00
Authoring application: PScript5.dll Version 5.2 (via GPL Ghostscript 8.15)
MD5: b1d994ceffb9bf0b1c392584c75c5700
SHA-1: b0367f3ff184c5e76aaa095c5df500721607fb90
SHA-256: a49c32618a0d60a509f20a7ca0bd9aeaf57a1947e56d160e2284a66abfe2187e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of embedded external links, suggesting a link farm or SEO poisoning attack. The document body contains numerous URLs pointing to various PDF files on the same domain, likely serving as lures or redirects.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.