Malicious PDF — malware analysis report

Static analysis result for SHA-256 abf271c54ab7565c…

Verdict: MALICIOUS

File type: PDF

Size: 43.9 KB
Created: 2018-11-30 01:49:11 +03:00
Authoring application: PScript5.dll Version 5.2 (via GPL Ghostscript 8.15)
MD5: c94dcefeeed4eba66ab8386a40160889
SHA-1: c2d8765d96bff704ebfbb94040bf1c47489634b5
SHA-256: abf271c54ab7565c4b0fed06fcebb105a8019e644cb640d30d0b5487b3e9d7cb
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links pointing to external PDF documents, primarily hosted on 'www.gorillawalker.com'. This behavior is indicative of a link farm or a redirection scheme designed to lead users to a multitude of other potentially malicious or unwanted content. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/meh-when-a-teacher-shrugs-seeking-ms-sandy-book-1.pdf
    • http://www.gorillawalker.com/pdnt-volume-2-cancer-nursing.pdf
    • http://www.gorillawalker.com/the-2030-spike-countdown-to-global-catastrophe.pdf
    • http://www.gorillawalker.com/omega-6-omega-3-essential-fatty-acid-ratio-the-scientific.pdf
    • http://www.gorillawalker.com/athletes-and-drug-use-introducing-issues-with-opposing-viewpoints.pdf
    • http://www.gorillawalker.com/nascar-kasey-kahne-2009-calendar.pdf
    • http://www.gorillawalker.com/chocolates-sweets-candies-hand-made-temptations-to-give-for-every.pdf
    • http://www.gorillawalker.com/the-third-apprentice-kindle-edition.pdf
    • http://www.gorillawalker.com/daily-science-grade-6-daily-practice-books.pdf
    • http://www.gorillawalker.com/finite-mathematics.pdf
    • http://www.gorillawalker.com/the-big-book-of-bicycling-everything-you-need-to-everything.pdf
    • http://www.gorillawalker.com/w-is-for-wasted-a-kinsey-milhone-mystery.pdf
    • http://www.gorillawalker.com/capital-growth-what-the-2012-london-church-census-reveals.pdf
    • http://www.gorillawalker.com/across-the-sahara-by-land-rover-to-west-and-central.pdf
    • http://www.gorillawalker.com/indiana-core-science-life-science-flashcard-study-system-indiana-core.pdf
    • http://www.gorillawalker.com/curveball-richmond-rogues-book-2.pdf
    • http://www.gorillawalker.com/human-anatomy-for-artists.pdf
    • http://www.gorillawalker.com/paradox-dialectic-and-system-a-contemporary-reconstruction-of-the-hegelian.pdf
    • http://www.gorillawalker.com/billionaire-s-forbidden-baby-bwwm-billionaire-romance-part-two.pdf
    • http://www.gorillawalker.com/15-herbs-for-tea-storey-s-country-wisdom-bulletin-a.pdf
    • http://www.gorillawalker.com/cache-lake-country-life-in-the-north-woods-wilderness-edition.pdf
    • http://www.gorillawalker.com/assembly.pdf
    • http://www.gorillawalker.com/bulletin-funeral-clouds.pdf
    • http://www.gorillawalker.com/administrative-law-and-judicial-deference-hart-studies-in-comparative-public.pdf
    • http://www.gorillawalker.com/dishuiyan-the-book-signed-by-the-author-donated-to-the.pdf
    • http://www.gorillawalker.com/an-introduction-to-ontology.pdf
    • http://www.gorillawalker.com/dickens-and-childhood-a-library-of-essays-on-charles-dickens.pdf
    • http://www.gorillawalker.com/the-beginners-method-for-soprano-and-alto-recorder-part-1.pdf
    • http://www.gorillawalker.com/seoultown-kitchen-korean-recipes-to-share-with-family-and-friends.pdf
    • http://www.gorillawalker.com/resident-evil-zero-pg-official-strategy-guide-gc.pdf
    • http://www.gorillawalker.com/one-hundred-and-one-famous-poems-with-a-prose-supplement.pdf
    • http://www.gorillawalker.com/the-luciano-legacy.pdf
    • http://www.gorillawalker.com/growth-stagnation-or-decline-agricultural-productivity-in-british-india-oxford.pdf
    • http://www.gorillawalker.com/hammond-atlas-of-the-bible-lands-by-hammond-world-atlas.pdf
    • http://www.gorillawalker.com/cset-foundational-level-general-science-exam-flashcard-study-system-cset.pdf
    • http://www.gorillawalker.com/make-getting-started-with-the-photon-making-things-with-the.pdf
    • http://www.gorillawalker.com/hot-air-meeting-canada-s-climate-change-challenge.pdf
    • http://www.gorillawalker.com/louisville-nashville-steam-locomotives-1968-revised-edition.pdf
    • http://www.gorillawalker.com/it-disaster-recovery-planning-for-dummies.pdf
    • http://www.gorillawalker.com/ancient-corinth.pdf
    • http://www.gorillawa
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/