Malicious PDF — malware analysis report

Static analysis result for SHA-256 5842523a02a8ce35…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2018-11-26 20:03:36 +03:00
Authoring application: TeX (via pdfTeX-0.14h)
MD5: c89fc30aa91eb15a14458054661d6de9
SHA-1: 63a91e5c15f73b5cde7f3da032c344e106fe8b15
SHA-256: 5842523a02a8ce358c12244cd96bdda9ebcd8774cc64b9438edf0c4e230d6e69
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on the domain www.gorillawalker.com. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to direct users to a multitude of other documents, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.