Malicious PDF — malware analysis report

Static analysis result for SHA-256 d9137a9a786d6dc1…

Verdict: MALICIOUS

File type: PDF

Size: 35.9 KB
Created: 2020-01-10 17:21:27 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via AFPL Ghostscript 8.51)
MD5: 6fe4e7fe7c1a925dd1fb7bb306586e0b
SHA-1: 20661352a9ba67aa6fee7ce67b100ffc50a1c4ce
SHA-256: d9137a9a786d6dc1c067421663efb6c05a323e57b6da3e70ab499784ff3a6f7c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links to external PDF documents, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm or SEO poisoning tactic, designed to drive traffic to a specific domain or set of resources. The ML classifier also flagged this PDF as malicious. No scripts were extracted, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7977

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.