Malicious PDF — malware analysis report

Static analysis result for SHA-256 514e98b7c9708b03…

Verdict: MALICIOUS
File type: PDF
Size: 30.7 KB
Created: 2020-03-12 17:17:38 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.10)
MD5: a0f6dd82618d8e53e8f18576420e0872
SHA-1: 15209140ed31a08af340929d796373946a2bb4bd
SHA-256: 514e98b7c9708b032fe82b67f1a247d046e24dd45d212436d713aa9c10b6c6ff
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document. The embedded URLs suggest a link farm designed to manipulate search engine results or redirect users to potentially malicious content hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.