Malicious PDF — malware analysis report

Static analysis result for SHA-256 d2284669a39656b8…

MALICIOUS

PDF

  • Size: 44.4 KB
  • Created: 2018-11-30 20:08:43 +03:00
  • Authoring application: ESP Ghostscript 815.02
  • MD5: a3b06b37e956c42d8b5a4122361bea14
  • SHA-1: 574615a0ad48054058c736f89a9a8deb8463bf37
  • SHA-256: d2284669a39656b8ae64959d24f870b89e65de256fc918b54f3f56fdd4acd39d
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged for containing a large number of external links, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also indicated a high probability of maliciousness. The document body contains numerous URLs pointing to PDFs hosted on gorillawalker.com, suggesting a link farm or content distribution network.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.