Malicious PDF — malware analysis report

Static analysis result for SHA-256 32fd3a7f367d87b2…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-12-14 20:38:01 +03:00
Authoring application: LaTeX with hyperref package (via xdvipdfmx (0.7.8))
MD5: e71f24e1336da67949a5d350a9f396b7
SHA-1: 2c71c47843909ae6f408104ba66593b0a27f8615
SHA-256: 32fd3a7f367d87b2cc4812ca424ed6e5858048ce015f931d5966a7e6866def75
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, indicating a link farm or SEO poisoning attempt. The ML classifier also flagged this PDF as malicious. No scripts were extracted, and the document body was unreadable, limiting the ability to determine the exact user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.