Malicious PDF — malware analysis report

Static analysis result for SHA-256 4b4edbda8e574ebf…

Verdict: MALICIOUS
File type: PDF
Size: 42.2 KB
Created: 2018-11-23 21:03:37 +03:00
Authoring application: LaTeX with hyperref and pdfscreen (via Mac OS X 10.5.7 Quartz PDFContext)
MD5: 5c275f999f9cc6907600838231a65a89
SHA-1: 6c0c92c1665c2ef8a47539e84c4a1715a126b411
SHA-256: 4b4edbda8e574ebf45e3bb6a4f1c7c0d41f8f1ea5e42572fb1a508e9f2dca6d1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged as malicious by a machine learning classifier and contains a large number of embedded links to external PDF files, suggesting a link farm or distribution mechanism. The primary heuristic is PDF_SEO_LINK_FARM, with 32 external links found. While no scripts were extracted, the sheer volume of links and the ML classification point towards malicious intent, likely related to SEO manipulation or the distribution of further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9181)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.