Malicious PDF — malware analysis report

Static analysis result for SHA-256 24a49f72c1dced3b…

MALICIOUS

PDF

Size: 46.6 KB
Created: 2018-12-15 08:53:24 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.9)
MD5: e1d2fc4dcb7d6412164d0aa36700aa50
SHA-1: a5080683257489c95fb245c3babd2ee10c4d5464
SHA-256: 24a49f72c1dced3bccd78734b8d9f3d722fcc85458e9bcf58bee1d9af0df6517
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs point to various book titles, suggesting a potential SEO spam or content redirection scheme. No scripts were extracted, limiting further analysis of the payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.