Malicious PDF — malware analysis report

Static analysis result for SHA-256 e4acdcc2893fb857…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-12-08 04:13:06 +03:00
Authoring application: - (via GNU Ghostscript 6.53)
MD5: 19b9ca135076ac5378a7daacdeef0715
SHA-1: 0400a465ced01c48bc4ac06690472e719dc73472
SHA-256: e4acdcc2893fb85702614b40a4d3c0a733809ae65a205a6aa2724d01069f946d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a critical heuristic for containing a mass external PDF link farm, with 32 links found. The ML classifier also strongly indicated maliciousness. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a coordinated effort to distribute content or manipulate search results. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9099

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.