Malicious PDF — malware analysis report

Static analysis result for SHA-256 884322e0f19b11f6…

MALICIOUS

PDF

45.3 KB
Created: 2019-04-28 12:18:11 +03:00
Authoring application: LaTeX with hyperref package (via PDFlib PLOP 2.0.0p6 (SunOS)/Acrobat Distiller 5.0.5 (Windows))
MD5: b47b1783e70e3e517e279af873a00296
SHA-1: 43d7a0958a31505ad2caecd3c2bae65d5634345f
SHA-256: 884322e0f19b11f6c01b538b7572f0fa6a52e29e8b61578f398deb3bd9818bae
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged for containing a large number of external links, suggesting a link farm or SEO manipulation tactic. The ML classifier also indicated a high probability of maliciousness. Although no scripts were extracted, the sheer volume of links points toward malicious intent, possibly to distribute further malware or to conduct phishing. The document body was heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.