Malicious PDF — malware analysis report

Static analysis result for SHA-256 264c4cf28f4eb6cf…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-12-15 08:34:33 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.10)
MD5: 118ab8c3a5adbe6c7800f6cb0b4b6ff4
SHA-1: dd14cd997e13fa5386f70b243c1f9c3dfbcb8360
SHA-256: 264c4cf28f4eb6cf433ce4ff6e6eb3da31e7d01fc0dc44df5af5a03c9f020a3d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and exhibits a link farm pattern, containing numerous external links to PDF files hosted on www.gorillawalker.com. This suggests a tactic to distribute malicious content or engage in SEO abuse. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.