Malicious PDF — malware analysis report

Static analysis result for SHA-256 85ebc68fa93a71f7…

MALICIOUS

PDF

Size: 43.4 KB
Created: 2018-12-15 20:46:02 +03:00
Authoring application: TeX (via pdfTeX-1.40.16)
MD5: ac51060f28ee751785db77cce86778ce
SHA-1: 9111fb88105fa88a9d4cca41d52d1464e3f38bfb
SHA-256: 85ebc68fa93a71f7dfe0c2fe0dac880e945d2973bc2f1153476c41b537afc446
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be directing users to a vast collection of documents hosted on gorillawalker.com, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.