Malicious PDF — malware analysis report

Static analysis result for SHA-256 8a571242d391ee6e…

MALICIOUS

PDF

Size: 39.4 KB
Created: 2018-12-02 10:58:03 +03:00
Authoring application: LaTeX with hyperref package (via pdfeTeX-1.10b)
MD5: d10221405fd7e61be3358954e7deefd1
SHA-1: e0c037f40a980628b81e774782c39a7429d82c6d
SHA-256: 8a571242d391ee6e242cdad9d6cfca21927984ea6fdbe06a333f142dc5981982
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads disguised as legitimate documents. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.