Malicious PDF — malware analysis report

Static analysis result for SHA-256 4c34abcdb781e149…

MALICIOUS

PDF

Size: 34.7 KB
Created: 2019-12-13 19:49:59 +03:00
Authoring application: LaTeX with hyperref package (via PDFlib PLOP 2.0.0p6 (SunOS)/Acrobat Distiller 5.0.5 (Windows))
MD5: 84f96b2f760fd7038e8c6bdb0d279164
SHA-1: b7fccd2baa54f8fdb18fd28e3b3f2b4e3bd995cc
SHA-256: 4c34abcdb781e14994c91b0053e9e27798933c0d7c0231547dbdd9a9110e3edd
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. Although no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO spam or redirection of users to malicious content hosted on those external sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8477

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.