Malicious PDF — malware analysis report

Static analysis result for SHA-256 acf6a632bf0d5af0…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2019-01-06 08:03:51 +03:00
Authoring application: LaTeX with hyperref package (via pdfeTeX-1.10b)
MD5: e01862c2db83c1009d29d3a163aa8c51
SHA-1: b5fee0c5d4931ad66ab27c481689bdead20496ef
SHA-256: acf6a632bf0d5af031b235e0359c17766fdb0a0f3878c67c833bf85eda9387f9
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high score. No scripts were extracted, and the document body was not parsable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.