Malicious PDF — malware analysis report

Static analysis result for SHA-256 ee61121df1dde85f…

MALICIOUS

PDF

33.1 KB
Created: 2019-12-14 02:42:29 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.16)
MD5: dc0267bbe9d271db45a40a0a57d14c49
SHA-1: 2c24b4fd647b41eab0af29c813c02c8582167afc
SHA-256: ee61121df1dde85f6fe4af0f590ecf814f22bd95b461aa2d1e8eaa1771797238
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.