Malicious PDF — malware analysis report

Static analysis result for SHA-256 d50cd3d204552106…

MALICIOUS

PDF

Size: 41.5 KB
Created: 2019-04-11 21:02:37 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.61)
MD5: e246ec38157c8aaabe7e65a99add59c8
SHA-1: a61be0e1ff97fbe0467523abbc1b392b63b155bd
SHA-256: d50cd3d20455210628977341110ae3e07fa39f42bf6f4e4b6f0b02e3ca90b030
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. Although no scripts were extracted, the sheer volume of links suggests malicious intent, possibly to distribute further malware or to engage in SEO spam. The dominant host for these links is www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.