Malicious PDF — malware analysis report

Static analysis result for SHA-256 f942105574233b29…

Verdict: MALICIOUS

File type: PDF

Size: 45.3 KB
Created: 2018-11-14 11:20:40 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via iText 2.1.7 by 1T3XT)
MD5: ad738ea295c852b21c87868cbcbc4234
SHA-1: 78eb0512ac5c4f80bcbebd47ef3ad54fed6911fe
SHA-256: f942105574233b29dcc6e2ec052cd7a3ce89e2ad3db004b4efcda13066b27418
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents hosted on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine the exact final payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.