Malicious PDF — malware analysis report

Static analysis result for SHA-256 3847ec379f3438a9…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2018-11-23 20:58:41 +03:00
Authoring application: LaTeX with hyperref package (via PDFlib PLOP 2.0.0p6 (SunOS)/Acrobat Distiller 5.0.5 (Windows))
MD5: 4df6fc4903c4aed7f1b70a41ce27713a
SHA-1: 8dc3eb37b34bdb014dce2244d275b6e53ef3b11b
SHA-256: 3847ec379f3438a962ad22cfd5cfd3119cf55f959b8bf1e88962a38d9d069f7c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to direct users to numerous external PDF documents, likely for SEO manipulation or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.