Malicious PDF — malware analysis report

Static analysis result for SHA-256 43b6e8b1f3c1e2ad…

MALICIOUS

PDF

40.1 KB
Created: 2018-11-14 11:21:05 +03:00
Authoring application: TeX (via pdfTeX-1.40.9)
MD5: 7428f62911a3b358ae7e5f1b0121e01c
SHA-1: 5efd4ce7666ece9951f6a5e52ecb11073057a573
SHA-256: 43b6e8b1f3c1e2ad922199678d8982a40c6d8e9de2f6f6121ca7fe726813c547
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute additional malicious content through the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.