Malicious PDF — malware analysis report

Static analysis result for SHA-256 cb13336659d75ae4…

MALICIOUS

PDF

  • Size: 45.5 KB
  • Created: 2018-11-15 18:32:29 +03:00
  • Authoring application: dvips(k) 5.993 Copyright 2013 Radical Eye Software (via GPL Ghostscript 9.07)
  • MD5: 79b0556a86fd8b7aebaf98881be3a4d3
  • SHA-1: 3b05d0fdaf3a502a5bf3a7fcb03bd9896b784831
  • SHA-256: cb13336659d75ae4f694c8c62eb9b58367b473bb3f4d82ce203d12b3489dcad6
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links to PDF files hosted on www.gorillawalker.com. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The document body itself is heavily obfuscated and does not provide clear textual lures, but the sheer volume of linked PDFs suggests a non-legitimate purpose.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.