Malicious PDF — malware analysis report

Static analysis result for SHA-256 5cc7c7a5ed2623c7…

MALICIOUS

PDF

Size: 32.6 KB
Created: 2019-12-13 20:43:39 +03:00
Authoring application: TeXmacs-1.0.7.3 (via GPL Ghostscript 8.70)
MD5: 8bb1ec50d8f959391297ce9eed4fa3cd
SHA-1: 46776ed367597133caa5e6e83f5f3c9f3275680a
SHA-256: 5cc7c7a5ed2623c7c07ee1d50637417d7591466131f93064da9970c08eab62c2
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the creation of a link farm designed to direct users to numerous external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.