Malicious PDF — malware analysis report

Static analysis result for SHA-256 50df29b96db4ad40…

MALICIOUS

PDF

47.6 KB Created: 2018-12-02 10:58:16 +03:00 Authoring application: TeX (via pdfTeX-1.40.9)
MD5: da360d7f74cef1ea013df0593a5351e0 SHA-1: d270902b54e56ea6d39879959d16ea17cd4bca31 SHA-256: 50df29b96db4ad40bcf217bd429a93692c5902fea6918dca1b4e9d3a8a0ddea4
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The embedded URLs point to a website that appears to host a link farm, suggesting a potential SEO manipulation or content distribution scheme. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/tiger-house-the-first-chronicle-of-jairus-tanner-the-chronicles.pdf
    • http://www.gorillawalker.com/101-cosas-que-puedes-hacer-con-tu-hijo-hija-spanish.pdf
    • http://www.gorillawalker.com/el-enemigo-en-el-derecho-penal-spanish-edition.pdf
    • http://www.gorillawalker.com/the-dangerous-drilling-machine-the-travels-of-hank-and-hazel.pdf
    • http://www.gorillawalker.com/virus-leukemia-in-the-mouse.pdf
    • http://www.gorillawalker.com/the-magician-s-secrets-of-illusion-design-kindle-edition.pdf
    • http://www.gorillawalker.com/beatles-to-britpop.pdf
    • http://www.gorillawalker.com/prayer-for-a-child-lap-edition.pdf
    • http://www.gorillawalker.com/fluid-motions-in-volcanic-conduits-a-source-of-seismic-and.pdf
    • http://www.gorillawalker.com/the-least-you-should-know-about-english-form-a-least.pdf
    • http://www.gorillawalker.com/in-afghanistan-s-shadow-baluch-nationalism-and-soviet-temptations.pdf
    • http://www.gorillawalker.com/la-gu-a-definitiva-entrenar-con-pesas-para-correr-spanish.pdf
    • http://www.gorillawalker.com/china-s-wars-rousing-the-dragon-1894-1949-general-military.pdf
    • http://www.gorillawalker.com/a-persistent-place-a-landscape-approach-to-the-prehistoric-archaeology.pdf
    • http://www.gorillawalker.com/i-am-phoenix-poems-for-two-voices.pdf
    • http://www.gorillawalker.com/eosinophils-a-comprehensive-review-and-guide-to-the-scientific-and.pdf
    • http://www.gorillawalker.com/fireblood-whispers-from-mirrowen.pdf
    • http://www.gorillawalker.com/the-complete-idiot-s-guide-to-cooking-for-two.pdf
    • http://www.gorillawalker.com/george-washington-1st-u-s-president-beginner-biographies.pdf
    • http://www.gorillawalker.com/leisure-map-gloucester-tewkesbury-aa-leisure-maps.pdf
    • http://www.gorillawalker.com/the-torchwood-encyclopedia.pdf
    • http://www.gorillawalker.com/php-mysql-novice-to-ninja.pdf
    • http://www.gorillawalker.com/nonionic-surfactants-alkyl-polyglucosides-surfactant-science.pdf
    • http://www.gorillawalker.com/muebles-faciles-de-hacer-easy-to-make-furniture-sunset-spanish.pdf
    • http://www.gorillawalker.com/beyond-honour-a-historical-materialist-explanation-of-honour-related-violence.pdf
    • http://www.gorillawalker.com/the-add-answer-how-to-help-your-child-now-paperback.pdf
    • http://www.gorillawalker.com/the-texan-s-wager-the-wife-lottery.pdf
    • http://www.gorillawalker.com/driving-climate-change-cutting-carbon-from-transportation.pdf
    • http://www.gorillawalker.com/the-consistency-of-arithmetic-and-other-essays.pdf
    • http://www.gorillawalker.com/the-russian-cinema-reader-volume-i-1908-to-the-stalin.pdf
    • http://www.gorillawalker.com/the-complete-prints-of-leonard-baskin-a-catalogue-raisonne-1948.pdf
    • http://www.gorillawalker.com/language-development-in-exceptional-circumstances.pdf
    • http://www.gorillawalker.com/examkrackers-how-to-get-into-medical-school-bymohan.pdf
    • http://www.gorillawalker.com/the-essential-federalist-and-anti-federalist-papers-hackett-classics.pdf
    • http://www.gorillawalker.com/geschichte-der-altindischen-literatur-die-3000jahrige-entwicklung-der-religios-philosophischen.pdf
    • http://www.gorillawalker.com/employing-international-workers-2014-ed-leading-lawyers-on-complying-with.pdf
    • http://www.gorillawalker.com/i-love-to-sleep-in-my-own-bed-me-encanta.pdf
    • http://www.gorillawalker.com/bully-girls-peace-through-understanding.pdf
    • http://www.gorillawalker.com/a-new-approach-to-play-and-defense-100-new-problems.pdf
    • http://www.gorillawalker.com/eric-dolphy-a-musical-biography-and-discography.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.