Malicious PDF — malware analysis report

Static analysis result for SHA-256 effd6ac35818fd69…

MALICIOUS

PDF

  • Size: 43.5 KB
  • Created: 2019-03-17 07:04:36 +03:00
  • Authoring application: Pdf995 (via GNU Ghostscript 7.05)
  • MD5: d93433a71fc4f73512ce63bd27e81424
  • SHA-1: 771ee94090c6fc9bdb7ebffeca56f8587503b90e
  • SHA-256: effd6ac35818fd690a0895e180f95770e0d7a40fc1b50b25646247343e75f2b9
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO manipulation or content distribution scheme. The presence of numerous links to various PDF files hosted on 'gorillawalker.com' suggests an attempt to create a link farm. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.