Malicious PDF — malware analysis report

Static analysis result for SHA-256 59f557ff8d90befd…

Verdict: MALICIOUS
File type: PDF
Size: 43.1 KB
Created: 2018-12-15 20:55:04 +03:00
Authoring application: LaTeX with hyperref package (via xdvipdfmx (0.7.8))
MD5: 013f1f1e341f9176d89c3a96b1145249
SHA-1: e6791e7befa6f476a52106bb10c7ada0b2ae952f
SHA-256: 59f557ff8d90befd8fed046bd06fc8b29cb3f5eba7eb6602e712895ea95a458b
Risk score: 150

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.001 User Execution: Malicious Link

The PDF carries 40 clickable link annotations, every one pointing at a single external host (www.gorillawalker.com) and each named like an e-book download; this is the pattern the PDF_SEO_LINK_FARM heuristic flags. The file is 43 KB of LaTeX/hyperref output with no extracted scripts, so the links themselves are the payload: the document exists to route users into a network of sites, for SEO manipulation or as the first hop toward further malicious or unwanted-software content. The Nyx ML classifier (score 0.9171) and the ClamAV signature Pdf.Dropper.Agent-7142177-0 independently flag it as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9171

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7142177-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7142177-0
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the channel that reached each URL (macro, JS, link annotation, document body, metadata, ...) determines its weight. The first 40 URLs below are /URI link-annotation targets, all on www.gorillawalker.com. The last nine (w3.org, purl.org, ns.adobe.com, aiim.org) are XMP/RDF, Dublin Core, Adobe XAP and PDF/A namespace identifiers from the document's metadata stream; they are not clickable links and do not count toward the link-farm heuristic.
    • http://www.gorillawalker.com/jewels-in-the-crown-how-tata-of-india-transformed-britain.pdf
    • http://www.gorillawalker.com/rogues-two-essays-on-reason-meridian-crossing-aesthetics.pdf
    • http://www.gorillawalker.com/a-kids-guide-to-american-history-trail-of-tears-to.pdf
    • http://www.gorillawalker.com/pediatric-orthopedic-imaging.pdf
    • http://www.gorillawalker.com/andr-gill-romans-essais-poesie-documents-french-edition.pdf
    • http://www.gorillawalker.com/flight-instructor-instrument-practical-test-standards-for-airplane-helicopter.pdf
    • http://www.gorillawalker.com/stolen-valor-how-the-vietnam-generation-was-robbed-of-its.pdf
    • http://www.gorillawalker.com/gem-identification-made-easy-third-edition-a-hands-on-guide.pdf
    • http://www.gorillawalker.com/re-print-a-system-of-oral-surgery-being-a-consideration.pdf
    • http://www.gorillawalker.com/natural-nourishing-recipes.pdf
    • http://www.gorillawalker.com/a-trumpet-around-the-corner-the-story-of-new-orleans.pdf
    • http://www.gorillawalker.com/all-about-coffee-hardback.pdf
    • http://www.gorillawalker.com/the-value-of-life-and-safety.pdf
    • http://www.gorillawalker.com/all-about-cooking-for-two-a-very-quick-guide.pdf
    • http://www.gorillawalker.com/marie-curie-kids-can-read.pdf
    • http://www.gorillawalker.com/finite-elements-electromagnetics-and-design.pdf
    • http://www.gorillawalker.com/environmental-ethics-an-introduction-to-environmental-philosophy.pdf
    • http://www.gorillawalker.com/debrett-s-guide-to-entertaining-etiquette.pdf
    • http://www.gorillawalker.com/migraine-stoppez-votre-migraine-french-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/dogs-a-simplified-visual-guide-to-familiar-breeds-north-american.pdf
    • http://www.gorillawalker.com/official-motorcycling-compulsory-basic-training-theory-and-practical-test.pdf
    • http://www.gorillawalker.com/the-off-switch-leave-on-time-relax-your-mind-but.pdf
    • http://www.gorillawalker.com/developmental-time-and-timing.pdf
    • http://www.gorillawalker.com/science-of-the-mind-2nd-edition.pdf
    • http://www.gorillawalker.com/herbally-yours-health-education.pdf
    • http://www.gorillawalker.com/the-man-who-couldn-t-stop-the-truth-about-ocd.pdf
    • http://www.gorillawalker.com/healing-the-wounds-of-trauma-how-the-church-can-help.pdf
    • http://www.gorillawalker.com/chasing-zeroes-the-rise-of-student-debt-the-fall-of.pdf
    • http://www.gorillawalker.com/the-fugitive-views-and-reviews-volume-iii.pdf
    • http://www.gorillawalker.com/voices-of-harmony-and-dissent-how-peacebuilders-are-transforming-their.pdf
    • http://www.gorillawalker.com/amazing-magic-tricks-kid-kit-box-amazing-magic-tricks-kid.pdf
    • http://www.gorillawalker.com/weight-watchers-5-ingredient-15-minute-recipes-new-2015.pdf
    • http://www.gorillawalker.com/swift-for-dummies.pdf
    • http://www.gorillawalker.com/c-digo-militar-de-los-estados-unidos-de-venezuela-decretado.pdf
    • http://www.gorillawalker.com/problem-solving-preventing-and-solving-common-horse-problems.pdf
    • http://www.gorillawalker.com/ice-cream-the-full-scoop.pdf
    • http://www.gorillawalker.com/libro-de-oraciones-para-ni-os-spanish-edition.pdf
    • http://www.gorillawalker.com/cut-and-make-festival-masks-from-india-6-full-color.pdf
    • http://www.gorillawalker.com/how-important-people-act-behaving-yourself-in-public.pdf
    • http://www.gorillawalker.com/shock-me-special-edition-exclusive-bonus-materials-included.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
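The PDF_SEO_LINK_FARM heuristic above counts clickable external links and checks how tightly they cluster on one host, and the EMBEDDED_URL entry separates those from URLs that merely occur in the file. The Python below is an added example, not the report's or the scanner's own code, of such a check run over raw PDF bytes: it pulls URIs only from /URI actions (link annotations), extracts XMP namespace declarations separately so that metadata URIs such as the w3.org, purl.org and ns.adobe.com entries listed above are never counted, and applies assumed thresholds (256 KB, 20 links, 80% on one host) to a constructed sample PDF. The hosts, thresholds, helper names and the synthetic PDF are all assumptions.

```python
"""Byte-level link-farm heuristic for small PDFs (added example; thresholds
and the synthetic PDF are assumptions, not the report's own detection)."""
import re
from collections import Counter
from urllib.parse import urlparse

# /URI key followed by a PDF literal string.  The name in "/S /URI" is followed
# by "/URI", not "(", so it does not match.  Hex strings (<...>) and objects in
# compressed object streams are not handled: decompress with a real parser
# (pdfid/peepdf/pypdf) before running this on a sample from the wild.
_URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
_XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_.-]+="([^"]+)"')


def _unescape_literal(raw: bytes) -> str:
    """Undo the PDF literal-string escapes for parentheses and backslash."""
    return re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")


def extract_link_uris(pdf_bytes: bytes) -> list:
    """URIs reached through /URI actions (link annotations), in file order."""
    return [_unescape_literal(m.group(1)) for m in _URI_RE.finditer(pdf_bytes)]


def extract_xmp_namespaces(pdf_bytes: bytes) -> list:
    """Namespace URIs declared in XMP metadata: schema identifiers, not links."""
    return sorted({m.group(1).decode("latin-1") for m in _XMLNS_RE.finditer(pdf_bytes)})


def link_farm_verdict(pdf_bytes: bytes, max_size: int = 256 * 1024,
                      min_links: int = 20, min_cluster: float = 0.8) -> dict:
    """Fire when a small PDF carries many http(s) link annotations that mostly
    point at one host.  Only /URI actions are counted, so metadata namespace
    URIs never contribute.  Threshold values are assumed for illustration."""
    hosts = Counter()
    for uri in extract_link_uris(pdf_bytes):
        parts = urlparse(uri)
        if parts.scheme in ("http", "https") and parts.netloc:
            hosts[parts.netloc.lower()] += 1
    total = sum(hosts.values())
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / total if total else 0.0
    return {
        "size": len(pdf_bytes),
        "link_count": total,
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "fires": bool(len(pdf_bytes) <= max_size and total >= min_links and share >= min_cluster),
    }


def build_sample_pdf(link_urls, xmp_namespaces) -> bytes:
    """Construct a minimal PDF: one page, one /Link annotation per URL, plus an
    XMP metadata stream.  No xref table, so a viewer will not open it; it is
    enough for the byte-level scan above."""
    def lit(s: str) -> bytes:  # escape for a PDF literal string
        return s.replace("\\", "\\\\").replace("(", "\\(").replace(")", "\\)").encode("latin-1")
    annot_ids = list(range(4, 4 + len(link_urls)))
    meta_id = 4 + len(link_urls)
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata %d 0 R >> endobj" % meta_id,
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots ["
        + b" ".join(b"%d 0 R" % i for i in annot_ids) + b"] >> endobj",
    ]
    for i, url in zip(annot_ids, link_urls):
        objs.append(b"%d 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 712] "
                    b"/A << /S /URI /URI (%s) >> >> endobj" % (i, lit(url)))
    xml = b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF ' + b" ".join(
        b'xmlns:%s="%s"' % (p.encode(), u.encode()) for p, u in xmp_namespaces) + b"/></x:xmpmeta>"
    objs.append(b"%d 0 obj << /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % (meta_id, len(xml))
                + xml + b"\nendstream\nendobj")
    return b"%PDF-1.4\n" + b"\n".join(objs) + b"\ntrailer << /Root 1 0 R >>\n%%EOF\n"


# Constructed samples.  ".test" and ".example" are reserved names, so nothing here
# resolves.  The namespaces mirror the metadata URIs a PDF/A-style XMP packet declares.
XMP_NS = [("rdf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#"),
          ("dc", "http://purl.org/dc/elements/1.1/"),
          ("xmp", "http://ns.adobe.com/xap/1.0/")]
FARM_HOST = "www.example-farm.test"
SAMPLE_FARM_PDF = build_sample_pdf(
    [f"http://{FARM_HOST}/title-{i:02d}.pdf" for i in range(24)]
    + ["http://other.example/a.pdf", "https://cdn.example/b.pdf"], XMP_NS)
SAMPLE_BENIGN_PDF = build_sample_pdf(
    ["https://doi.example/10.1000/1", "https://arxiv.example/abs/1", "https://git.example/x/y"], XMP_NS)

if __name__ == "__main__":
    for name, pdf in (("farm", SAMPLE_FARM_PDF), ("benign", SAMPLE_BENIGN_PDF)):
        print(name, link_farm_verdict(pdf))
    print("metadata namespaces (not links):", extract_xmp_namespaces(SAMPLE_FARM_PDF))
```

The farm sample fires because 24 of its 26 link annotations share one host; the three-citation sample does not. The regex pass deliberately reads only what is in the clear: on a real sample, decompress object streams first, and treat the thresholds as starting points to be tuned on a corpus of known-good LaTeX and reference-heavy documents so that a bibliography with many DOI links does not trip the rule.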