Malicious PDF — malware analysis report

Static analysis result for SHA-256 ef3be55111df6784…

MALICIOUS

PDF

Size: 41.7 KB
Created: 2018-11-23 20:58:37 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via AFPL Ghostscript 8.51)
MD5: b7b17c4767954d6d3b789f6df444228f
SHA-1: 1103ff9625f42d038493dd37a1f908b36998ad29
SHA-256: ef3be55111df67848d37d6a3efac0cd25e51672abc701f7beb34875caf8f2b7b
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to drive traffic to a website, likely for SEO manipulation or to host further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.