Malicious PDF — malware analysis report

Static analysis result for SHA-256 349b1e610a3164ae…

MALICIOUS

PDF

Size: 34.8 KB
Created: 2019-05-18 21:18:00 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.4)
MD5: 9f470d32f19fb0fd84d817c77f4bc1c3
SHA-1: 8bbcac4304443bd65bd93402b1bd6da726a2f443
SHA-256: 349b1e610a3164ae504d69f91a1770a3da4444d67985661df53036c5a3c2c85b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a significant number of external links to other PDF documents. This behavior is indicative of a link farm or SEO manipulation tactic. While no scripts were extracted, the sheer volume of links suggests a malicious intent to either distribute content or potentially lead users to malicious sites through indirect means.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8018

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.