Malicious PDF — malware analysis report

Static analysis result for SHA-256 66f8310ae8b04dc5…

MALICIOUS

PDF

41.7 KB
Created: 2018-12-07 18:28:28 +03:00
Authoring application: TeX (via pdfTeX-0.14f)
MD5: 90b0c33d6cf23383f6096050e1d2d9fc
SHA-1: d80def48fe0b9e60ae551e84ac0eb42911dc8db1
SHA-256: 66f8310ae8b04dc5f14b467a2178efb66d85cf014624fb84c80841cfd34e7a91
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs suggest an attempt to manipulate search engine results or distribute additional content, rather than a direct user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.