Malicious PDF — malware analysis report

Static analysis result for SHA-256 ac9d19742efe1d0d…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2020-02-20 05:09:05 +03:00
Authoring application: TeX (via MiKTeX pdfTeX-1.10b)
MD5: c5a2c0446c73f2e1ab1c9ac30632fa95
SHA-1: 9a56c6a8281a69a1354d08fe785e22032b939150
SHA-256: ac9d19742efe1d0d7a789e32b07c2fff888e2bb26798b2f4ef703469da62a4f3
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files on the domain www.gorillawalker.com. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute additional malicious content through the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.