Malicious PDF — malware analysis report

Static analysis result for SHA-256 58dc4b232969b789…

MALICIOUS

PDF

43.7 KB
Created: 2018-12-02 10:54:55 +03:00
Authoring application: TeX (via pdfTeX-1.40.16)
MD5: 82c6b9e13278e4e7b79dc8828a6aa899
SHA-1: 246f6bfd8f78efbb7e544d1e14079a4bfa767c67
SHA-256: 58dc4b232969b78905e1ce644216c247dd244802eb97be5953aa06e4df19839d
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute additional malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.