Malicious PDF — malware analysis report

Static analysis result for SHA-256 7929f6f108d3b5ab…

MALICIOUS

PDF

Size: 32.2 KB
Created: 2020-02-08 21:01:57 +03:00
Authoring application: LaTeX with hyperref package (via pdfeTeX-1.10b)
MD5: ed366cad02be51ecc2eec7b293767fb3
SHA-1: 2169b36da4120c79d8364002b476b0f4728a1012
SHA-256: 7929f6f108d3b5ab2aea273a85449e4580c03cb01c037517299343c706daab58
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests the document's primary purpose is to redirect users to these sites, potentially for SEO manipulation or to serve as a landing page for further malicious activity. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.