Malicious PDF — malware analysis report

Static analysis result for SHA-256 9e4a055e6f295511…

MALICIOUS

PDF

Size: 40.6 KB
Created: 2019-03-18 02:04:36 +03:00
Authoring application: TeX (via pdfTeX-0.13d)
MD5: d7a7667b101e39c0ae425a6658ff5fb8
SHA-1: 4703f262ad303032cdd954da27e4015c9ac0a93b
SHA-256: 9e4a055e6f29551153b9bb00c2685fc796f6038067e66607069c635acda56e5a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF file was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO manipulation or content distribution scheme. The primary heuristic identified a 'PDF_SEO_LINK_FARM' with 32 external PDF links, suggesting the document's purpose is to redirect users to numerous other PDF files hosted on 'gorillawalker.com'. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.