Malicious PDF — malware analysis report

Static analysis result for SHA-256 a5eb2f9d2af8befe…

MALICIOUS

PDF

Size: 46.3 KB
Created: 2018-11-14 11:20:27 +03:00
Authoring application: dvips(k) 5.99 Copyright 2010 Radical Eye Software (via Acrobat Distiller 9.4.5 (Windows))
MD5: dc3ee494d37a4f028af443c0d5d10191
SHA-1: a452c9fb96fcee4314b53a7f21d28b7e3437b5fd
SHA-256: a5eb2f9d2af8befeadde7896b7f313d265be26f66172ff45cb6f755b55d77714
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO manipulation tactic. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links to a single domain, www.gorillawalker.com, points towards an attempt to artificially inflate search engine rankings or distribute potentially harmful content through these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8322

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_002_off000018d0.js
Hash: c4d0d380c4c36b37f2461ee23a5d735da52663d1eb05568a2a1d3e7668e70118
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x18D0
Size: 28422 bytes