Malicious PDF — malware analysis report

Static analysis result for SHA-256 9a31501fb5a47363…

MALICIOUS

PDF

41.8 KB
Created: 2018-12-07 18:30:20 +03:00
Authoring application: TeX (via pdfTeX-0.14h)
MD5: 7e4696ec1e3e5a332cdc3405ffdecaca
SHA-1: 866875bd1a25c3d6fdd283c45eba991b33bbe9c1
SHA-256: 9a31501fb5a47363f40dbbcfe18d9b1821e240d47f5a72dd9fa74c1d34311ec0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious files. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.