Malicious PDF — malware analysis report

Static analysis result for SHA-256 2b3b5c6f113a6515…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2019-02-13 02:16:54 +03:00
Authoring application: LaTeX with hyperref package (via xdvipdfmx (0.7.8))
MD5: 667074951625055c2b0150fe924b4c7b
SHA-1: 9a0f2171a5ed76a581547606cf4e9e0c3e47f273
SHA-256: 2b3b5c6f113a65155cc25b4aefa7471632833e2d0fa1781f7171d9a18980f023
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm, likely intended to manipulate search engine results or distribute further malicious content through the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.