Malicious PDF — malware analysis report

Static analysis result for SHA-256 e28924c07b6890e7…

MALICIOUS

PDF

Size: 44.2 KB
Created: 2018-11-30 20:02:42 +03:00
Authoring application: LaTeX with hyperref and pdfscreen (via Mac OS X 10.5.7 Quartz PDFContext)
MD5: e1080f9c53f193d45d5df0dddc32abc5
SHA-1: 1f8188cb4ff34060e004cdf4cadee81d4b57dd3d
SHA-256: e28924c07b6890e7e510fd9ac12fef739ea4970ecd58d0d5f6d03b4536109684
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF was flagged by a machine learning classifier as malicious and contains a large number of external links to PDF files hosted on www.gorillawalker.com. This indicates a likely SEO manipulation or link farm attack pattern. No scripts were extracted from this sample, and the document body was not parsable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.