Malicious PDF — malware analysis report

Static analysis result for SHA-256 5d2917cf4a46a20d…

MALICIOUS

PDF

Size: 41.2 KB
Created: 2018-12-15 08:11:02 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.4)
MD5: c931116cae05407214c43b1d840c9f34
SHA-1: b551b8f229b2a48dcec15a60993bd6a56714d24e
SHA-256: 5d2917cf4a46a20d3a0c1478132653f0c57b7ead1161cf245c6edeab58abc614
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded links likely serve as a lure that redirects users to potentially malicious websites, possibly for SEO manipulation or to reach sites hosting further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.