Malicious PDF — malware analysis report

Static analysis result for SHA-256 e733af0218cf698b…

MALICIOUS

PDF

31.6 KB Created: 2020-01-17 13:27:01 +03:00 Authoring application: TeX (via pdfTeX-1.40.9)
MD5: 0387a64908273aad45a329be98979f47 SHA-1: a7f77c6dc450be171b2cd3b3e9158ff40509f18a SHA-256: e733af0218cf698b951b0d26db2f8883dc9ed49c16418d4a021d81af4013a17b
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files, indicating a link farm or SEO abuse. The primary purpose appears to be to direct users to a collection of URLs hosted on www.gorillawalker.com. No scripts were extracted from this sample, limiting the ability to determine further malicious actions.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8405

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/the-black-echo-the-black-ice.pdf
    • http://www.gorillawalker.com/world-health-systems-challenges-and-perspectives.pdf
    • http://www.gorillawalker.com/malaga-torremolinos-a-spanish-budget-holiday-the-illustrated-diaries-of.pdf
    • http://www.gorillawalker.com/cornerstones-for-college-success-books-a-la-carte-edition-plus.pdf
    • http://www.gorillawalker.com/how-to-take-nighttime-pictures-kindle-edition.pdf
    • http://www.gorillawalker.com/diaspora-a-novel.pdf
    • http://www.gorillawalker.com/promoting-electronic-commerce-consultation-on-draft-legislation-and-the-government.pdf
    • http://www.gorillawalker.com/post-colonial-syria-and-lebanon-the-decline-of-arab-nationalism.pdf
    • http://www.gorillawalker.com/asesinato-en-la-familia-la-verdadera-historia-de-los-asesinatos.pdf
    • http://www.gorillawalker.com/how-to-draw-people-in-simple-steps.pdf
    • http://www.gorillawalker.com/hypersonic-aerodynamics.pdf
    • http://www.gorillawalker.com/the-social-engineer-s-playbook-a-practical-guide-to-pretexting.pdf
    • http://www.gorillawalker.com/phallos.pdf
    • http://www.gorillawalker.com/squirtin-for-certain-a-sexy-milf-medical-play-erotica-kindle.pdf
    • http://www.gorillawalker.com/current-diagnosis-and-treatment-emergency-medicine-lange-current-series.pdf
    • http://www.gorillawalker.com/rum-runners-and-renegades-amazing-stories.pdf
    • http://www.gorillawalker.com/school-of-the-supernatural-live-the-supernatural-life-that-god.pdf
    • http://www.gorillawalker.com/lauchlin-of-the-bad-heart.pdf
    • http://www.gorillawalker.com/the-dynamics-of-art-psychotherapy-wiley-series-on-personality-processes.pdf
    • http://www.gorillawalker.com/the-story-of-fake-books-bootlegging-songs-to-musicians-studies.pdf
    • http://www.gorillawalker.com/new-orleans-jazz-piano-solos-series-vol-21.pdf
    • http://www.gorillawalker.com/romeo-and-juliet-shakespeare-stories.pdf
    • http://www.gorillawalker.com/order-chaos-order-the-transition-from-classical-to-quantum-physics.pdf
    • http://www.gorillawalker.com/us-army-technical-manual-tm-5-6675-330-12-p.pdf
    • http://www.gorillawalker.com/violin-activity-book-1-by-kendra-law.pdf
    • http://www.gorillawalker.com/everything-i-wish-someone-had-told-me-about-high-school.pdf
    • http://www.gorillawalker.com/final-cut-pro-x-cookbook.pdf
    • http://www.gorillawalker.com/boundary-waters-canoe-area-minnesota-see-the-usa-library-binding.pdf
    • http://www.gorillawalker.com/turtle-jumps-mandarin-trade-version-chinese-edition.pdf
    • http://www.gorillawalker.com/colacao-las-mejores-recetas-best-recipes-spanish-edition.pdf
    • http://www.gorillawalker.com/concerto-no-1-op-19-for-violin-and-piano.pdf
    • http://www.gorillawalker.com/lactic-acid-tolerance-training.pdf
    • http://www.gorillawalker.com/el-pueblo-que-no-queria-crecer-spanish-edition.pdf
    • http://www.gorillawalker.com/texas-business-and-commerce-code-2014-with-tables-and-index.pdf
    • http://www.gorillawalker.com/helicopter-analysis.pdf
    • http://www.gorillawalker.com/paint-the-sea-in-oils-using-special-effects.pdf
    • http://www.gorillawalker.com/the-comprehensive-guide-to-military-monitoring.pdf
    • http://www.gorillawalker.com/dhaal-chaawal-palidu-a-collection-of-bohra-recipes.pdf
    • http://www.gorillawalker.com/colombia-countries-cultures.pdf
    • http://www.gorillawalker.com/pele-deus-perdoa-o-senhor-logan-n-o-duologia-pele.pdf
    • http://www.gorillawalker.com/how-to-draw-people-in-simple-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.