Malicious PDF — malware analysis report

Static analysis result for SHA-256 a757423c9301aef2…

MALICIOUS

PDF

Size: 34.0 KB
Created: 2019-12-09 09:31:34 +03:00
Authoring application: TeX (via pdfTeX-0.14f)
MD5: 5d55618a25cd0da37ea4b84fdd337dca
SHA-1: 56df4e232164f6e31cca684eeb15b281168fc795
SHA-256: a757423c9301aef26adecf1364c9165f717ef952438c4f35e438f4a6b6c1f020
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain gorillawalker.com. This is indicative of a link farm, likely used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high score. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.