Malicious PDF — malware analysis report

Static analysis result for SHA-256 514c77845cc753e4…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-12-15 20:11:19 +03:00
Authoring application: LaTeX with hyperref package (via xdvipdfmx)
MD5: d6adb11c575241b266f08df6b5802d0b
SHA-1: 04225abfa14c4fb640c36a782c2dda80ba389e2f
SHA-256: 514c77845cc753e4117ef50a106e597d5759ab51c3caaade9730cdaf4dafe253
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain www.gorillawalker.com. This is indicative of a link farm, likely used for SEO manipulation or to distribute additional malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.