Malicious PDF — malware analysis report

Static analysis result for SHA-256 ec862371f680fd8e…

MALICIOUS

PDF

  • Size: 41.4 KB
  • Created: 2019-03-17 10:57:06 +03:00
  • Authoring application: dvips(k) 5.96 Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.57)
  • MD5: 90bef966721c2d59903c0ea333fbe788
  • SHA-1: 48d39818c1dab15e2d063f1f3455b2eb7f1f26a4
  • SHA-256: ec862371f680fd8e80ad8f163fff709eb38097eb31207eb5a62f9ccc3eaf85cb
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely intended for SEO manipulation or to serve as a distribution point for further malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.