Malicious PDF — malware analysis report

Static analysis result for SHA-256 4dd337a65ca63d38…

MALICIOUS

PDF

Size: 39.6 KB
Created: 2018-11-15 18:32:20 +03:00
Authoring application: TeX (via pdfTeX-1.40.17)
MD5: 20b85c9e346b82249d04128bcc236a9b
SHA-1: 2e58cd047896ddb39b0b9fe3b89cd9ef63a194e4
SHA-256: 4dd337a65ca63d38e4640c40121bddc53fa38cfbcbc19b563233b65bce1ae17c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as detected by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or redirection tactic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. No scripts were extracted from this sample, and the document body was heavily obfuscated, preventing a deeper analysis of user-facing lures.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9002

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.