Malicious PDF — malware analysis report

Static analysis result for SHA-256 04d8f112b734d33f…

MALICIOUS

PDF

File size: 33.2 KB
Created: 2019-12-09 21:37:53 +03:00
Authoring application: TeX (via MiKTeX pdfTeX-1.10b)
MD5: 2c34cce6e7b849e5a03a4992cab6d9e3
SHA-1: 18e4f5bd69a396c0f6517aa6a019e609d16d1a55
SHA-256: 04d8f112b734d33fd66ab2606a8ccc06b293a9054fe2348f5050be94b6b5824f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files hosted on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests an attempt to manipulate search engine rankings or to distribute a large volume of content, potentially malicious. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.