Malicious PDF — malware analysis report

Static analysis result for SHA-256 a4e0d292cb5b38aa…

MALICIOUS

PDF

File size: 42.6 KB
Created: 2018-12-08 04:07:36 +03:00
Authoring application: ESP Ghostscript 815.02
MD5: 7185e2a288c910591ca8de8c3612aa1f
SHA-1: d1602f4c18b7a5f792fef1dd9595dd9ee7360b37
SHA-256: a4e0d292cb5b38aa57d5e3d5a5bde33fd7ee77d44b2167d2c64374cbff06e325
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded URLs all point to the same domain, suggesting a coordinated effort to distribute content or manipulate search engine results. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.