Malicious PDF — malware analysis report

Static analysis result for SHA-256 c33eac42a65c4854…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2019-03-18 12:11:34 +03:00
Authoring application: TeXmacs-1.0.7.3 (via GPL Ghostscript 8.70)
MD5: 68e618924aac8f6d30e1323cb2524b73
SHA-1: 4cdca416dcd40020cd26f58017e94d6a4b7da8b0
SHA-256: c33eac42a65c48549d4b16fa788506faca65c2bf695c870548ca93ad3113c1cc
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1598 Gather Victim Identity Information
  • T1204 Malicious Link

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. The embedded URLs point to various book titles on the domain 'gorillawalker.com'. This suggests a link farm or SEO manipulation tactic, potentially to distribute malware or phish users through seemingly legitimate document links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.