Malicious PDF — malware analysis report

Static analysis result for SHA-256 617c2d84929b66f4…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2019-04-11 16:13:48 +03:00
Authoring application: LaTeX with hyperref package (via xdvipdfmx)
MD5: 52abc751bf6f3b0aeec10d5fe8b35ca4
SHA-1: 2d55fcd5a7e611b961022f9110702570b595552a
SHA-256: 617c2d84929b66f4142f0dd8bd9f37ef98d7a30b269fdeebd77442c0aa4f73fd
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded external links. The heuristic 'PDF_SEO_LINK_FARM' indicates that the document is designed to host a mass of external PDF links, likely for SEO manipulation or to serve as a distribution point for other malicious content. While no scripts were extracted, the sheer volume of links suggests a malicious intent to redirect users to potentially harmful resources.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.