Malicious PDF — malware analysis report

Static analysis result for SHA-256 1e4c0dd87d15adb3…

MALICIOUS

PDF

Size: 33.1 KB
Created: 2019-12-13 09:00:10 +03:00
Authoring application: LaTeX with hyperref and pdfscreen (via Mac OS X 10.5.7 Quartz PDFContext)
MD5: 65f6c70e9a5a0a6e07808159c03eb0f2
SHA-1: 3b694a35a037b0cc80739be61f228040bb089192
SHA-256: 1e4c0dd87d15adb3f8f2feb748324f6a24454e15e10f1566bfba8861e92a68c2
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file was flagged by an ML classifier as malicious. Static analysis revealed a large number of embedded external links pointing to PDF files on the domain www.gorillawalker.com. This suggests a link farm or redirection tactic to distribute malicious content, potentially leading users to phishing or malware download sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.