Malicious PDF — malware analysis report

Static analysis result for SHA-256 e597e9a80238b2de…

Verdict: MALICIOUS
File type: PDF
File size: 43.8 KB
Created: 2018-12-15 20:06:45 +03:00
Authoring application: dvips(k) 5.99 Copyright 2010 Radical Eye Software (via Acrobat Distiller 9.4.5 (Windows))
MD5: 961eba54d1aae8907114053930e959e8
SHA-1: 0ee14d73a45625a0959296d5d1b8864a10884099
SHA-256: e597e9a80238b2de36b55c942cbee13853f4cc2ef0201ac39e2b62ee8ecf83ae
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links to external PDF documents, primarily hosted on www.gorillawalker.com. This pattern is indicative of a link farm or a redirection scheme designed to drive traffic to a specific set of resources rather than of a normal document citation pattern. The ML classifier also flagged this PDF as malicious, which corroborates the suspicious link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.