Malicious PDF — malware analysis report

Static analysis result for SHA-256 eb0a1344d3389169…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2018-12-15 20:01:06 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 5.0.5 (Windows))
MD5: e707ea8582ac226864e76c64586e1c77
SHA-1: 09cbe2ad0b45f17dd3c7e3f739d9e3c439ab147a
SHA-256: eb0a1344d33891694101125277d436df71955c881f401f4e558782c7252bf7f0
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. The embedded URLs are all hosted on www.gorillawalker.com, suggesting a coordinated effort to manipulate search engine results or distribute content from a single source. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.