Malicious PDF — malware analysis report

Static analysis result for SHA-256 708dd9fa5c29efcc…

MALICIOUS

PDF

Size: 44.2 KB
Created: 2018-11-23 08:00:39 +03:00
Authoring application: TeX (via pdfTeX-1.40.16)
MD5: 4ab42079292532bfc9e0e86da298b8a8
SHA-1: 961194c081f2d1902485b704338e0b53367c529c
SHA-256: 708dd9fa5c29efccea28e4ce2b9b837f64f5d9af293a28a272c95b31564aa8f7
Risk Score: 132

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified as a 'link farm' heuristic, suggesting an attempt to distribute malicious content or redirect users to phishing sites. The 'SE_PASSWORD_ARCHIVE_LURE' heuristic indicates the document may be part of a multi-stage attack where the actual payload is hidden and requires a password, often provided in a separate communication. No scripts were extracted, but the presence of embedded URLs and the link farm behavior points towards a malicious distribution tactic.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8859

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Password-protected archive handoff (severity: high, SE_PASSWORD_ARCHIVE_LURE)
    Document gives password instructions for an archive or attachment; this is often used to keep payloads encrypted until after gateway scanning.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.