Malicious PDF — malware analysis report

Static analysis result for SHA-256 17244bb236f15fda…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2018-12-15 20:00:26 +03:00
Authoring application: TeX (via MiKTeX pdfTeX-1.40.9)
MD5: ad70095c94823ea70a7f71645a73210a
SHA-1: b939105a8f7c67a533f8af60a23bd6fa8fce98f5
SHA-256: 17244bb236f15fdac633718479c9e275cc53a3aef9d7d94298e7bec1e3203280
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A link-farm heuristic fired on this PDF, which embeds 32 external PDF links. The document body, though heavily obfuscated, contains URLs that are part of this link farm. This suggests the document's primary purpose is to direct users to a large number of external resources, likely for SEO manipulation or toward hosted malicious content. No scripts were extracted, but the embedded URLs and the link-farm heuristic indicate malicious intent to redirect users.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.