Malicious PDF — malware analysis report

Static analysis result for SHA-256 07384456d33921d2…

MALICIOUS

PDF

Size: 39.8 KB
Created: 2018-11-23 08:01:29 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.16)
MD5: cc695937d3a3588415bc73e15b786836
SHA-1: 2c7364e7704582e893d58fabd248366e0a739162
SHA-256: 07384456d33921d2023a3e35de96d5ab0e13a758af59b0365784ffd6fd1e5587
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. While no scripts were explicitly extracted, the embedded URLs suggest an attempt to redirect the user to a potentially malicious website or to manipulate search engine rankings.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.