Malicious PDF — malware analysis report

Static analysis result for SHA-256 893bb6010a4bb89b…

MALICIOUS

PDF

Size: 45.5 KB
Created: 2018-11-14 08:25:40 +03:00
Authoring application: TeX (via MiKTeX pdfTeX-1.40.9)
MD5: 10aaf59f42067f665277d1e9af5f60e1
SHA-1: 2445e51cda9ec7e617c68d40595322ac8ba715af
SHA-256: 893bb6010a4bb89b27755fd9ffdd02e3d36c885ef3ea28f97470b50941e2fa05
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external resources, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. Although no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO spam or distribution of further malware. The document body was unreadable, but the link-farm heuristic is strong evidence of a malicious pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.