Malicious PDF — malware analysis report

Static analysis result for SHA-256 1e04f3f338abf9a7…

MALICIOUS

PDF

Size: 44.5 KB
Created: 2018-11-26 20:07:03 +03:00
Authoring application: LaTeX with hyperref and pdfscreen (via Mac OS X 10.5.7 Quartz PDFContext)
MD5: 65fe5e4c3c6ef2f76a843fcc7fdd5b1f
SHA-1: b621e85cd17415e7c4ff49a15231e72ad804c702
SHA-256: 1e04f3f338abf9a7185c2ed4d3d578db8c82bcee251f7f99d3546eed018ab981
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of external links, as flagged by the PDF_SEO_LINK_FARM heuristic; the ML_NYX_PDF_MALICIOUS heuristic also flagged the document. No scripts were extracted, but the sheer volume of links suggests malicious intent, most likely to manipulate search engine results or to redirect users to malicious sites. The document body was heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.