Malicious PDF — malware analysis report

Static analysis result for SHA-256 5667c1435c805618…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2019-03-17 03:58:22 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.14)
MD5: 1b77b99b8806f1bd1c162a4e2c0a4316
SHA-1: f4b24d70951f5b07c61051540f6d35edef0d3139
SHA-256: 5667c1435c8056188656f7eb746e6b5bb7830faac97b80d8cfab94242bb07e97
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF was identified as malicious by an ML classifier and contains a large number of external links, characteristic of a link farm. The embedded URLs point to various PDF documents on the 'gorillawalker.com' domain, suggesting a content aggregation or SEO manipulation scheme. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.