Malicious PDF — malware analysis report

Static analysis result for SHA-256 64a72250bc73ff46…

MALICIOUS

PDF

File size: 32.5 KB
Created: 2020-01-10 17:21:24 +03:00
Authoring application: TeX (via MiKTeX pdfTeX-1.40.9)
MD5: 03b2cf8ec0248e2e245c416673270210
SHA-1: 60e24fc4192112de77414bb52b9ca49752a0ec08
SHA-256: 64a72250bc73ff4603e38be193dde5a3eb901653d1e849e418c3ec5ab3b11aba
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files, suggesting a link farm or distribution mechanism. The document body is heavily obfuscated and does not provide clear instructions, but the numerous external links point toward malicious intent, possibly SEO manipulation or a lure for further malicious downloads. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.