Malicious PDF — malware analysis report

Static analysis result for SHA-256 c1519063d9352c81…

Verdict: MALICIOUS
File type: PDF
Size: 41.4 KB
Created: 2019-03-17 07:20:30 +03:00
Authoring application: dvips 5.83 (MiKTeX 1.20b) Copyright 1998 Radical Eye Software (via Acrobat Distiller 4.0 for Windows)
MD5: 62b882f4239476c44f475008b8e1f761
SHA-1: e54536415696a0f28cd194c136c77f7ed1a3976f
SHA-256: c1519063d9352c8171136eb4606fe8138c771bde992a3016346b3bd9ecc8d463
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be distributing a high volume of links, likely for SEO poisoning or to lure users to potentially malicious websites.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.