Malicious PDF — malware analysis report

Static analysis result for SHA-256 bb981534b6a0ac97…

MALICIOUS

PDF

File size: 43.1 KB
Created: 2018-11-15 18:31:22 +03:00
Authoring application: PScript5.dll Version 5.2 (via GPL Ghostscript 8.15)
MD5: 1e3b63f884e528776646651ff18ad4c2
SHA-1: 864833e275005f056ffb0fe997c2f33670c7e684
SHA-256: bb981534b6a0ac97e9863021da08ef4f6f9dbd03ccf0bbabec445245a66eb63f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These URLs point to various external websites, suggesting a tactic to manipulate search engine rankings or redirect users to potentially malicious content. No scripts were extracted from this sample, and the document body was not sufficiently readable to determine a specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.