Malicious PDF — malware analysis report

Static analysis result for SHA-256 4131dbcabd292324…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2018-12-05 08:16:17 +03:00
Authoring application: TeX (via pdfTeX-0.14h)
MD5: a73fa075f87be7931945f155eb4e3c14
SHA-1: 894536cb3b57ff185ac0e01ae1bea70864f98f9a
SHA-256: 4131dbcabd292324e3d660048aebdab4c409891d9cd8512b5cf33461be06fe41
Risk Score: 130

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.001 Command and Scripting Interpreter: PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF documents, identified as a PDF SEO link farm. This suggests the document's primary purpose is to generate traffic or manipulate search engine rankings rather than deliver a direct payload. The 'SE_PASSWORD_ARCHIVE_LURE' heuristic indicates a common tactic where password-protected archives are mentioned, often to bypass gateway security. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9005

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • SE_PASSWORD_ARCHIVE_LURE (high): Password-protected archive handoff
    Document gives password instructions for an archive or attachment, a tactic often used to keep payloads encrypted until after gateway scanning.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.