Malicious PDF — malware analysis report

Static analysis result for SHA-256 decfb1e45ec3b314…

Verdict: MALICIOUS
File type: PDF
Size: 42.9 KB
Created: 2018-11-26 08:22:46 +03:00
Authoring application: dvips(k) 5.993 Copyright 2013 Radical Eye Software (via GPL Ghostscript 9.07)
MD5: ebe2d9aeca66a1ea7cf7c78965037597
SHA-1: 91c625378143b797abe1ac304dee98712b24cd1c
SHA-256: decfb1e45ec3b314163251a902e45871b0f8edca688bbcedebe8ed4586cf5fbe
Risk score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.001 Command and Scripting Interpreter: PowerShell

The PDF carries 41 extracted link targets, every one a .pdf path on www.gorillawalker.com; the remaining URLs in the list are XMP metadata namespace identifiers and carry no risk. The file contributes nothing of its own: no embedded scripts were extracted, and the document body was heavily obfuscated, so the lure text could not be examined. Its function is to route a reader or a crawler onto the external host, which is the pattern of a generated link-farm carrier used for SEO manipulation and as the first hop of unwanted-software or malware delivery chains; any payload lives on the remote host, not in this file. The Nyx PDF classifier independently scored the file 0.9181 malicious. Two caveats for triage: the authoring-application metadata (dvips/Ghostscript) is writer-controlled and is not evidence either way, and the ATT&CK mapping to T1059.001 (PowerShell) is not supported by anything observed in the file itself; it describes the downstream delivery chain such carriers typically feed, not a behaviour of this sample. The durable indicator is the linked host rather than the file hashes, which a generator can vary per document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. A URL is not a detection by itself; the channel that reached it (macro, JavaScript, link annotation, document body, metadata, ...) decides its weight. The 41 targets below are the clickable link annotations, all on one host; the namespace identifiers at the end of the list come from the XMP metadata stream.
    • http://www.gorillawalker.com/seven-days-of-solitude-a-guidebook-for-a-personal-retreat.pdf
    • http://www.gorillawalker.com/inky-the-missing-gold.pdf
    • http://www.gorillawalker.com/radiation-curing-science-and-technology-topics-in-applied-chemistry.pdf
    • http://www.gorillawalker.com/customer-service-excellence-how-to-deliver-value-to-today-s.pdf
    • http://www.gorillawalker.com/wired-women-gender-and-new-realities-in-cyberspace.pdf
    • http://www.gorillawalker.com/papua-and-new-guinea-around-australia-program.pdf
    • http://www.gorillawalker.com/mel-bay-the-drummer-s-cook-book.pdf
    • http://www.gorillawalker.com/teaching-and-learning-in-lower-secondary-schools-in-the-era.pdf
    • http://www.gorillawalker.com/fluency-with-information-technology-skills-concepts-capabilities-3rd.pdf
    • http://www.gorillawalker.com/remington-army-and-navy-revolvers-1861-1888.pdf
    • http://www.gorillawalker.com/theatre-and-performance-design-a-reader-in-scenography.pdf
    • http://www.gorillawalker.com/structural-geology-of-canadian-ore-deposits-a-symposium-1948.pdf
    • http://www.gorillawalker.com/risky-sideline-bdsm-erotica.pdf
    • http://www.gorillawalker.com/tradition-and-the-formation-of-the-talmud.pdf
    • http://www.gorillawalker.com/liberal-fascism-the-secret-history-of-the-american-left-from.pdf
    • http://www.gorillawalker.com/moving-out-of-poverty-success-from-the-bottom-up.pdf
    • http://www.gorillawalker.com/when-brother-fought-brother-the-american-civil-war-american-milestones.pdf
    • http://www.gorillawalker.com/cars-mighty-machines.pdf
    • http://www.gorillawalker.com/improving-patient-treatment-adherence-a-clinician-s-guide.pdf
    • http://www.gorillawalker.com/gymnast-rules-pict-pa.pdf
    • http://www.gorillawalker.com/chugworth-academy-vol-1.pdf
    • http://www.gorillawalker.com/southwest-rock.pdf
    • http://www.gorillawalker.com/principles-of-pediatric-nursing-caring-for-children-5th-edition.pdf
    • http://www.gorillawalker.com/commencement-of-insolvency-proceedings-oxford-international-and-comparative-insolvency-law.pdf
    • http://www.gorillawalker.com/signifying-god-social-relation-and-symbolic-act-in-the-york.pdf
    • http://www.gorillawalker.com/global-issues-in-patient-recruitment-and-retention.pdf
    • http://www.gorillawalker.com/applied-psychology-new-frontiers-and-rewarding-careers.pdf
    • http://www.gorillawalker.com/exzessive-palliativchirurgie-spezialheft-chirurgische-gastroenterologie-2007-dutch-edition.pdf
    • http://www.gorillawalker.com/arlekinada-pas-de-trois-bassoon-1-part-qty-2-a8908.pdf
    • http://www.gorillawalker.com/holt-biologia-assessments-spanish-edition.pdf
    • http://www.gorillawalker.com/what-does-the-minimum-wage-do.pdf
    • http://www.gorillawalker.com/the-holocaust-a-german-historian-examines-the-genocide.pdf
    • http://www.gorillawalker.com/geology-of-the-united-states-seafloor-the-view-from-gloria.pdf
    • http://www.gorillawalker.com/every-prophecy-of-the-bible-clear-explanations-for-uncertain-times.pdf
    • http://www.gorillawalker.com/matlab-for-behavioral-scientists-second-edition.pdf
    • http://www.gorillawalker.com/law-of-administrative-investigations-and-prosecutions.pdf
    • http://www.gorillawalker.com/human-being-human-culture-and-the-soul.pdf
    • http://www.gorillawalker.com/american-public-opinion-advocacy-and-policy-in-congress-what-the.pdf
    • http://www.gorillawalker.com/battle-for-north-carolina.pdf
    • http://www.gorillawalker.com/california-peace-officers-vehicle-code-2015-qwik-code.pdf
    • http://www.gorillawalker.com/mel-bay-
    XMP metadata namespace identifiers (standard RDF, Dublin Core, XMP, PDF and PDF/A schema URIs; not clickable, benign):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
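As an added illustration of the two heuristic entries above (the PDF_SEO_LINK_FARM check and the per-URL channel labels), the following Python script is editor-written example code, not the analysis engine's own implementation. It pulls URLs out of raw PDF bytes by channel (URI actions on link annotations versus xmlns declarations in the XMP packet) and then applies a link-farm check of the same shape as the heuristic. The thresholds, the placeholder host www.example-farm.test and the constructed sample PDF are assumptions for the demo and do not come from the report.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Byte-level extractors. Both run over the raw file, so they only see objects
# that are stored uncompressed; annotations packed into /ObjStm object streams
# or a FlateDecode'd XMP packet must be inflated before this pass.
LINK_URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")                  # /URI (target) of a link action
XMLNS_RE = re.compile(rb'xmlns(?::[A-Za-z0-9_.-]+)?="([^"]+)"')   # namespace declarations in XMP


def extract_urls_by_channel(pdf_bytes):
    """Return extracted URLs keyed by the channel they were found in, the
    distinction the report's per-URL labels make: a URI action on a /Link
    annotation is clickable, an xmlns declaration in the XMP packet is not."""
    return {
        "link_annotation": [m.group(1).decode("latin-1") for m in LINK_URI_RE.finditer(pdf_bytes)],
        "xmp_namespace": [m.group(1).decode("latin-1") for m in XMLNS_RE.finditer(pdf_bytes)],
    }


def seo_link_farm_check(pdf_bytes, max_size=200_000, min_pdf_links=10, min_host_share=0.8):
    """Heuristic in the spirit of PDF_SEO_LINK_FARM: a small file whose clickable
    external links are mostly .pdf targets clustered on a single host. The three
    thresholds are assumptions chosen for this example, not the report's values."""
    links = extract_urls_by_channel(pdf_bytes)["link_annotation"]
    external = [urlparse(u) for u in links if u.lower().startswith(("http://", "https://"))]
    pdf_targets = [u for u in external if u.path.lower().endswith(".pdf")]
    hosts = Counter(u.hostname for u in external)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    host_share = top_count / len(external) if external else 0.0
    fired = (len(pdf_bytes) <= max_size
             and len(pdf_targets) >= min_pdf_links
             and host_share >= min_host_share)
    return {
        "size": len(pdf_bytes),
        "external_links": len(external),
        "pdf_targets": len(pdf_targets),
        "top_host": top_host,
        "host_share": round(host_share, 3),
        "fired": fired,
    }


# --- constructed sample input (not the analysed file) -------------------------
def build_sample_pdf(link_urls, xmp_namespaces):
    """Emit a minimal PDF skeleton with one /Link annotation per URL and an XMP
    metadata stream. Enough structure for the byte-level scan above; it is not a
    spec-complete file (no xref table, stream /Length omitted on purpose)."""
    annots = b"".join(
        b"%d 0 obj << /Type /Annot /Subtype /Link /Rect [0 %d 200 %d] "
        b"/A << /S /URI /URI (%s) >> >> endobj\n" % (10 + i, i * 10, i * 10 + 10, url.encode())
        for i, url in enumerate(link_urls)
    )
    annot_refs = b" ".join(b"%d 0 R" % (10 + i) for i in range(len(link_urls)))
    xmlns = b" ".join(b'xmlns:ns%d="%s"' % (i, ns.encode()) for i, ns in enumerate(xmp_namespaces))
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [" + annot_refs + b"] >> endobj\n"
        b"4 0 obj << /Type /Metadata /Subtype /XML >>\nstream\n<rdf:RDF " + xmlns + b"/>\nendstream\nendobj\n"
        + annots
        + b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


FARM_HOST = "http://www.example-farm.test"   # placeholder host, not the one in the report
SAMPLE_LINKS = [f"{FARM_HOST}/book-{i:02d}.pdf" for i in range(12)] + ["https://other.example.test/about.html"]
SAMPLE_NAMESPACES = ["http://www.w3.org/1999/02/22-rdf-syntax-ns#", "http://purl.org/dc/elements/1.1/"]
SAMPLE_PDF = build_sample_pdf(SAMPLE_LINKS, SAMPLE_NAMESPACES)

if __name__ == "__main__":
    for channel, urls in extract_urls_by_channel(SAMPLE_PDF).items():
        print(f"{channel}: {len(urls)} URL(s)")
    print(seo_link_farm_check(SAMPLE_PDF))
```

On the sample the link-annotation channel yields 13 URLs and the XMP channel 2; 12 of the 13 clickable targets are .pdf paths on one host, so the check fires. The namespace URIs never reach the heuristic, which is the point of labelling URLs by channel before scoring them: metadata schema URIs such as the ones at the end of the list above are noise, not indicators.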