Malicious PDF — malware analysis report

Static analysis result for SHA-256 71608b8ccb116774…

MALICIOUS

PDF

Size: 33.7 KB
Created: 2019-05-18 14:49:49 +03:00
Authoring application: TeX (via pdfTeX-0.13d)
MD5: 2c289631b7a628b0f1fb902c7205a455
SHA-1: 19afe80df2ebbb3149c7adad54aa8478baae901d
SHA-256: 71608b8ccb1167744d5fe69335f9970dd86bbd65bacf2658d0a7d508106e583a
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample is a PDF document identified as malicious by an ML classifier. It contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute further malicious content. The document body was truncated and did not provide specific lures, but the presence of 32 links suggests a coordinated effort to direct users to external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Urgency / deadline lure (severity: low; rule: SE_URGENCY_LURE)
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.