Malicious PDF — malware analysis report

Static analysis result for SHA-256 4608fd285a8aae3a…

MALICIOUS

PDF

Size: 40.8 KB
Created: 2018-12-15 08:53:52 +03:00
Authoring application: TeX (via pdfTeX-0.13d)
MD5: f25ebcf09b101dbc79c315accd412211
SHA-1: 8b96e4a228bd3ca14f2b609ac6f737955019f00c
SHA-256: 4608fd285a8aae3a8c3966aae64feb86519103042b0789b36ddd40b080178edf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a high volume of content, which can include malicious payloads. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.