Malicious PDF — malware analysis report

Static analysis result for SHA-256 026b4dd368a46aa7…

MALICIOUS

PDF

Size: 41.1 KB
Created: 2019-05-05 01:37:02 +03:00
Authoring application: LaTeX with hyperref package (via xdvipdfmx (0.7.8))
MD5: 4f30a1906864ec5099c81d0cfa3fb42a
SHA-1: c6671cc9b42f722641cd82621549e31afc5211cc
SHA-256: 026b4dd368a46aa7a96d42fbafabf49dcf5b76078796ba0487e0cc8cc1e1572e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, triggering a critical heuristic for a PDF link farm. The ML classifier also flagged the document as malicious. The document body is heavily obfuscated but contains references to these URLs, suggesting a coordinated effort to direct users to a specific domain for potentially malicious purposes.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.