Malicious PDF — malware analysis report

Static analysis result for SHA-256 5e8d5623e07ba665…

MALICIOUS

PDF

Size: 33.2 KB
Created: 2020-01-17 04:02:28 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.10)
MD5: 552b25c1c3de9d251b034cfb449e219d
SHA-1: 5d50d62b89e273aa7a883231bde772d7d62dd746
SHA-256: 5e8d5623e07ba665597df8d016b7953c8cfe10aac1416263675418bbf7284877
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to PDF files on the same domain, identified as a 'PDF_SEO_LINK_FARM' heuristic. This suggests the document's primary purpose is to manipulate search engine rankings or to act as a gateway to potentially malicious content hosted on the linked domain. No scripts were extracted, and the document body was unreadable, limiting further analysis.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.