Malicious PDF — malware analysis report

Static analysis result for SHA-256 33223baf3b7859f0…

MALICIOUS

PDF

File size: 42.7 KB
Created: 2018-11-14 11:22:40 +03:00
Authoring application: LaTeX with hyperref package (via dvips + ps2pdf)
MD5: dacfc6311f6232304c9a9b7e458cba3a
SHA-1: 19d854e25fb8f4e095a0de923c9fb1264392d97d
SHA-256: 33223baf3b7859f014f7387ade522083a95ff42227f85872f2e13da4206384c0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.