Malicious PDF — malware analysis report

Static analysis result for SHA-256 d1c46df25cf11e07…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2018-12-05 11:09:24 +03:00
Authoring application: Pscript.dll Version 5.0 (via AFPL Ghostscript 8.50)
MD5: 7a44e165d5e91bcda1ef212f3757ac83
SHA-1: 8e98548eff323ae912ff8a946166ef940700abe1
SHA-256: d1c46df25cf11e07443edae049d38ad0f94a8beb7f38a2f11313f56b181aaad2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier as malicious and contains a large number of external links, indicating a link farm. The primary purpose appears to be directing users to a large quantity of other PDF documents hosted on the same domain, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.