Malicious PDF — malware analysis report

Static analysis result for SHA-256 e270597123355a72…

MALICIOUS

PDF

File size: 41.3 KB
Created: 2019-03-16 09:23:08 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.61)
MD5: 170c9ddc822570e1f09382249c3e1c9f
SHA-1: e9f1330c9618b4cd9f337afe7c7c5a939a11b91c
SHA-256: e270597123355a72ee171d52a5dbe276aacac9d29ad9de8e98a98c69e26ca84b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with a high score. The primary attack pattern appears to be SEO manipulation or redirection to potentially malicious content via these numerous links.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.