Malicious PDF — malware analysis report

Static analysis result for SHA-256 11b752634e6a3ade…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2018-11-14 08:21:06 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.17)
MD5: 7afc1ecf0978b30f21cef950c8032d9b
SHA-1: fc443f9a9134e865b63de5f90b598f0c740f0d0f
SHA-256: 11b752634e6a3ade1d47d6ace2d6a7c8416867e2a82333f2887a48432c9c9912
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a significant number of embedded URLs pointing to external PDF files, which triggered the critical heuristic 'PDF_SEO_LINK_FARM'. While no scripts were extracted, the sheer volume of links suggests an attempt to manipulate search engine rankings or, potentially, to serve as a lure for further malicious activity. The ML classifier also flagged the PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.