Malicious PDF — malware analysis report

Static analysis result for SHA-256 4de8f37354227003…

MALICIOUS

PDF

43.1 KB
Created: 2019-03-17 09:56:17 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.14)
MD5: 7ae83a7bb9c016b76d12c7f58aa1d754
SHA-1: 78267f7f96694316b7fb7505b69772a46c7af253
SHA-256: 4de8f37354227003d5f768f6be55fe530a8fc4af8d6dff0518459bab8bfa9005
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm, likely intended to manipulate search engine rankings or to serve as a distribution point for further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.