Malicious PDF — malware analysis report

Static analysis result for SHA-256 51354b3d80830132…

MALICIOUS

PDF

File size: 44.1 KB
Created: 2018-12-15 21:30:37 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.10)
MD5: b6d9e1494a837f5b845e0dd16f13700d
SHA-1: 2eb7e265702559a4895ae98d75050dd14ac85c0a
SHA-256: 51354b3d80830132922ece24f8adedd36fa4ab2bffbef4c20ef70e6bd893f13d
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs, forming a link farm. This is indicative of an SEO poisoning or link-farming attack, where the PDF serves as a lure to drive traffic to external sites. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.