Malicious PDF — malware analysis report

Static analysis result for SHA-256 bb6402015bf9c6b4…

MALICIOUS

PDF

Size: 34.4 KB
Created: 2019-05-24 00:42:50 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.61)
MD5: 0afa897f3ba703ffe7da7ab8b6cc5985
SHA-1: 51d350e6d2b7acb3aded51ecfa9c07790b970e8b
SHA-256: bb6402015bf9c6b4c1ec6274feef48138ddb4f084bcac0fd56853e8cc0542258
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of external links, many of which point to other PDF files. This suggests a link farm or SEO poisoning attack, designed to drive traffic to the linked content. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8315

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.