Malicious PDF — malware analysis report

Static analysis result for SHA-256 5ea5e1691e423f23…

MALICIOUS

PDF

Size: 40.1 KB
Created: 2019-03-17 07:46:46 +03:00
Authoring application: TeX (via pdfTeX-1.40.9)
MD5: bc0ff3548e13f08394f7302b835eb0dd
SHA-1: 034f2787f600f6444d05c50cfe154ccc5da0b9c6
SHA-256: 5ea5e1691e423f2358b4ddbbc875d77ea379be1011926ab97938480232b2f628
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely intended for SEO manipulation or to serve as a distribution point for further malicious content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.