Malicious PDF — malware analysis report

Static analysis result for SHA-256 f8ebecca2bf44583…

MALICIOUS

PDF

File size: 44.3 KB
Created: 2019-01-06 08:14:33 +03:00
Authoring application: dvips(k) 5.993 Copyright 2013 Radical Eye Software (via GPL Ghostscript 9.14)
MD5: 795acef9bb1f9b5195405d1ce2631dfd
SHA-1: a7f7b3146323a4613c508f6b9faccdf9adb09275
SHA-256: f8ebecca2bf4458374bb0d5223c8cbcf50561194cffb2a6fd9a13e74ec0b4fba
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of embedded URLs pointing to external PDF documents. This suggests a link farm or SEO poisoning attack, where the document's primary purpose is to redirect users to a multitude of other resources, potentially for malicious advertising or to obscure malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.