Malicious PDF — malware analysis report

Static analysis result for SHA-256 859671b611317280…

MALICIOUS

PDF

Size: 40.4 KB
Created: 2018-12-15 20:09:48 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.9)
MD5: 7c7558ea7e61fe402da5e6f6bb0cfedb
SHA-1: 13886efe60c8ff11a54b6bbab5a0c41bb8b18178
SHA-256: 859671b6113172801c0c0e96443be177b784374e59a772f257eaa1c41760c1f8
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These URLs point to various PDF documents hosted on the same domain, suggesting a link farm or SEO manipulation tactic. The ML classifier also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.