Malicious PDF — malware analysis report

Static analysis result for SHA-256 221f959a131175f7…

MALICIOUS

PDF

Size: 34.7 KB
Created: 2019-12-13 17:11:33 +03:00
Authoring application: TeXmacs-1.0.7.3 (via GPL Ghostscript 8.70)
MD5: f099792bd1e336665c16c1314df1cd2d
SHA-1: 4a5266a16d890d26a3389bb583b0a6d688a88825
SHA-256: 221f959a131175f759b6958c99278517ee21fdda3c8d07704459cd52ddd0a975
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document was flagged by a machine learning classifier and contains a large number of external links, indicating a link farm. The primary heuristic indicates this is a 'PDF_SEO_LINK_FARM' with 32 external links, the first of which is http://www.gorillawalker.com/the-last-gangster.pdf. The purpose appears to be directing users to a multitude of websites, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8018

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.