Malicious PDF — malware analysis report

Static analysis result for SHA-256 ac1354e4244607b9…

MALICIOUS

PDF

  • Size: 42.0 KB
  • Created: 2019-04-28 07:42:23 +03:00
  • Authoring application: Pscript.dll Version 5.0 (via AFPL Ghostscript 8.50)
  • MD5: 20f2799a3b5a629b51e46c40672837c0
  • SHA-1: 495784861fe7192e179461f0956b307ff49405fe
  • SHA-256: ac1354e4244607b985fde43a3450ae86297b3d2714fd216a02614b79016f818c
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files on the domain 'gorillawalker.com'. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.