Malicious PDF — malware analysis report

Static analysis result for SHA-256 d589f3c048ad05fa…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2019-03-19 05:36:54 +03:00
Authoring application: dvips(k) 5.993 Copyright 2013 Radical Eye Software (via GPL Ghostscript 9.07)
MD5: 0d41f160e236745b60fa53164e138b7f
SHA-1: e32b55ad7f5b0807aec8e12f39ecf8d7faf06491
SHA-256: d589f3c048ad05fa5531973f399b86a7c93577de34fc0aa464de279515ccc213
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The primary attack pattern appears to be the distribution of a large number of external links, likely for SEO manipulation or to serve as a lure for further malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.