Malicious PDF — malware analysis report

Static analysis result for SHA-256 c904320a329f927f…

MALICIOUS

PDF

Size: 44.4 KB
Created: 2018-12-14 20:02:11 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.17)
MD5: 8039d2d521b08b2564eea1aa0db8758d
SHA-1: 713e1d38eff50d40fbd906521f78932a6de741d2
SHA-256: c904320a329f927f91c7a5c46773a4d5fdce781ae0313bc4868a11bd1a855a2e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high score.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8683

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.