Malicious PDF — malware analysis report

Static analysis result for SHA-256 b43142083f1c6cd2…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2019-04-09 23:55:29 +03:00
Authoring application: GPL Ghostscript 8.64 (via Adobe PDF Library 8.0)
MD5: 55fdc49c227817775fb253d5d12af447
SHA-1: a47c1d5e22af1b9c4d18bc6a6257774b14b05883
SHA-256: b43142083f1c6cd2c55b3fd22c7caf8f8bf97bc423c2e0b851a2d62085e476f3
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded URLs pointing to PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a large volume of content, which can include malicious payloads. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.