Malicious PDF — malware analysis report

Static analysis result for SHA-256 e293c61d546328f1…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-11-26 20:09:07 +03:00
Authoring application: TeXmacs-1.0.7.3 (via GPL Ghostscript 8.70)
MD5: d166ac2402d72fd0cb6b077be9ebe566
SHA-1: 06ffc4afb620b1e938db3e15a05eb776f606fb8d
SHA-256: e293c61d546328f1b1edfc414d98f6f0283c064f7a0cc795c1965d51140becf5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged for containing a large number of external links, constituting a link farm. The embedded URLs point to various PDF documents hosted on the domain www.gorillawalker.com. This suggests the primary purpose is to manipulate search engine results or to act as a distribution point for other malicious content, rather than delivering a direct payload within this file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.