Malicious PDF — malware analysis report

Static analysis result for SHA-256 8ffbe3874703ce8d…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2019-02-12 19:46:39 +03:00
Authoring application: LaTeX with hyperref package (via xdvipdfmx (0.7.8))
MD5: fac3f8b0febbc286adab6ab646b7529c
SHA-1: de6dc97e38f8a169d5fc5de65fd7e783595fa610
SHA-256: 8ffbe3874703ce8df6f139328d29ea4fd0caf5521f7292a2dba973da312c76fe
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute malicious content via numerous URLs hosted on gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.