Malicious PDF — malware analysis report

Static analysis result for SHA-256 9dbacccf5feb0ba3…

MALICIOUS

PDF

File size: 44.5 KB
Created: 2019-03-18 07:29:23 +03:00
Authoring application: LaTeX with hyperref package (via dvips + ps2pdf)
MD5: 6f2f28a02be2938f81088586c3c78f60
SHA-1: 43ffadc411b28cb9038ab21943e3e108633d2a75
SHA-256: 9dbacccf5feb0ba374a3146167a83c51e017776eecd9dfe81c823175c4defd0d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This is indicative of a link farm, likely used for SEO manipulation or to distribute potentially malicious content disguised as legitimate documents. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.