Malicious PDF — malware analysis report

Static analysis result for SHA-256 933a0111baaabe72…

Verdict: MALICIOUS

File type: PDF

Size: 41.4 KB
Created: 2018-11-14 08:16:33 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.10)
MD5: 20b79d444867f6de8b7005d0db9d76da
SHA-1: 5629fd8d7455b425eb8f1bd405f341d64b250f9e
SHA-256: 933a0111baaabe72073ecdef3bc230a30e814e28de8244114d522b41f0033709
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment; T1204.002 User Execution: Malicious File

The PDF was flagged by a machine learning classifier and carries a large number of external link annotations, a pattern consistent with SEO manipulation or a link farm rather than genuine citations. The primary heuristic, PDF_SEO_LINK_FARM, counted 32 external links, the first of which is http://www.gorillawalker.com/interpreting-clifford-geertz-cultural-investigation-in-the-social-sciences-cultural.pdf; nearly all of the extracted links point at the same host. No scripts (JavaScript, OpenAction or Launch actions) were extracted, and the text layer could not be recovered from the obfuscated content streams, so the specific lure presented to the reader could not be characterized. The authoring-application string (LaTeX/hyperref via pdfTeX) is consistent with a generated document rather than a hand-authored one.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/interpreting-clifford-geertz-cultural-investigation-in-the-social-sciences-cultural.pdf
    • http://www.gorillawalker.com/paper-money-of-the-united-states-a-complete-illustrated-guide.pdf
    • http://www.gorillawalker.com/baptists-and-other-denominations.pdf
    • http://www.gorillawalker.com/rain-forest-kingfisher-voyages.pdf
    • http://www.gorillawalker.com/the-haunting-of-the-hockomock-swamp.pdf
    • http://www.gorillawalker.com/janice-vancleave-s-earth-science-for-every-kid-101-easy.pdf
    • http://www.gorillawalker.com/work-book-in-general-geology-with-laboratory-exercises-in-physical.pdf
    • http://www.gorillawalker.com/a-stem-cell-transplant-ms-recovery-story-beating-multiple-sclerosis.pdf
    • http://www.gorillawalker.com/lab-animal-abuse-vivisection-exposed.pdf
    • http://www.gorillawalker.com/gilda-roman-contemporain-1892.pdf
    • http://www.gorillawalker.com/pajama-party.pdf
    • http://www.gorillawalker.com/101-ways-to-market-your-books-for-publishers-and-authors.pdf
    • http://www.gorillawalker.com/a-dozen-a-day-book-1-green-book-cd.pdf
    • http://www.gorillawalker.com/the-spirit-book-the-encyclopedia-of-clairvoyance-channeling-and-spirit.pdf
    • http://www.gorillawalker.com/demon-possession-and-the-christian.pdf
    • http://www.gorillawalker.com/john-sinclair-folge-0482-die-m-rderischen-city-gnome-german.pdf
    • http://www.gorillawalker.com/the-yellow-chilli-cookbook.pdf
    • http://www.gorillawalker.com/eske-mwen-piti-yon-istwa-an-imaj-ke-philipp-winterberg.pdf
    • http://www.gorillawalker.com/title-49-transportation-400-571-2011-title-49-transportation.pdf
    • http://www.gorillawalker.com/easy-steps-to-chinese-vo1-8-textbook-with-1cd.pdf
    • http://www.gorillawalker.com/physical-feats-failures-time-for-kids-nonfiction-readers-level-4.pdf
    • http://www.gorillawalker.com/gonzo-the-art.pdf
    • http://www.gorillawalker.com/kwani-4.pdf
    • http://www.gorillawalker.com/who-wouldn-t-be-blue-billy-hughes-in-small-inset.pdf
    • http://www.gorillawalker.com/raised-from-the-dead-3days-in-the-mortuary-15minutes-in.pdf
    • http://www.gorillawalker.com/democracy-matters.pdf
    • http://www.gorillawalker.com/articulatory-speech-synthesis-from-the-fluid-dynamics-of-the-vocal.pdf
    • http://www.gorillawalker.com/communication-principles-for-a-lifetime-books-a-la-carte-edition.pdf
    • http://www.gorillawalker.com/heavy-metal-magazine-march-1992.pdf
    • http://www.gorillawalker.com/european-competition-law-annual-2004-the-relationship-between-competition-law.pdf
    • http://www.gorillawalker.com/demean-the-elf-queen-milk-and-maidens-erotica-kindle-edition.pdf
    • http://www.gorillawalker.com/golf-rules-etiquette-simplified.pdf
    • http://www.gorillawalker.com/the-literary-handyman-tips-on-writing-from-someone-s-who.pdf
    • http://www.gorillawalker.com/sin-fidel-spanish-edition.pdf
    • http://www.gorillawalker.com/the-skin-walkers-dark-shadows.pdf
    • http://www.gorillawalker.com/starry-river-of-the-sky.pdf
    • http://www.gorillawalker.com/lifting-the-sky.pdf
    • http://www.gorillawalker.com/digital-dilemmas-and-solutions-chandos-information-professional-series.pdf
    • http://www.gorillawalker.com/the-art-of-problem-solving-vol-2-and-beyond-solutions.pdf
    • http://www.gorillawalker.com/sonata-a-quattro-balletto-for-string-orchestra-full-score-qty.pdf
    • http://www.gori
    The following nine URIs are XMP/RDF namespace identifiers from the document's embedded metadata packet (RDF, Dublin Core, Adobe XMP and PDF/A schemas). They are not clickable link annotations and should not be counted as link-farm evidence:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
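To reproduce the PDF_SEO_LINK_FARM heuristic and the EMBEDDED_URL channel distinction above on your own samples, the following scanner pulls /URI targets from link-annotation action dictionaries, including those inside FlateDecode streams (pdfTeX writes annotation objects into compressed object streams), groups them by host, and applies a size / link-count / host-concentration rule. It is an added example, not the analysis platform's code: the thresholds (256 KB, 20 links, 80% on one host), the host names, and the sample PDF are assumptions constructed here for illustration, and the object stream in the sample is simplified (no offset header). XMP namespace URIs such as the nine listed above are left out because they never appear as /URI action strings.

```python
"""Link-farm scanner for PDF link annotations (added example; thresholds and
sample data are assumptions, not values from the analysis platform)."""
import re
import zlib
from collections import Counter
from urllib.parse import urlsplit

# /URI (...) literal strings inside /A << /S /URI ... >> action dictionaries.
# Hex-string form (/URI <...>) and unescaped nested parentheses are not handled.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _unescape(raw: bytes) -> str:
    # Undo the PDF literal-string escapes that matter for URLs: \( \) \\
    return re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")


def extract_link_uris(pdf: bytes) -> list:
    """Collect /URI targets from plain objects and from Flate-compressed streams."""
    uris = [_unescape(m.group(1)) for m in URI_RE.finditer(pdf)]
    for m in STREAM_RE.finditer(pdf):
        try:
            # decompressobj tolerates the trailing newline before 'endstream'
            body = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data (e.g. the uncompressed XMP metadata packet)
        uris.extend(_unescape(x.group(1)) for x in URI_RE.finditer(body))
    return uris


def link_farm_verdict(pdf: bytes, max_size=256 * 1024, min_links=20,
                      min_host_share=0.8) -> dict:
    """Assumed rule: a small PDF with >= min_links http(s) link annotations,
    where a single host accounts for >= min_host_share of them."""
    external = [u for u in extract_link_uris(pdf)
                if urlsplit(u).scheme in ("http", "https")]
    hosts = Counter(urlsplit(u).hostname for u in external)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(external) if external else 0.0
    return {
        "size": len(pdf),
        "external_links": len(external),
        "top_host": top_host,
        "top_host_share": round(share, 4),
        "flagged": len(pdf) <= max_size and len(external) >= min_links
                   and share >= min_host_share,
    }


# ---- constructed sample PDF (hypothetical hosts, not a real-world file) ----
XMP = (b"<?xpacket begin=''?><x:xmpmeta xmlns:x='adobe:ns:meta/'>"
       b"<rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'>"
       b"<rdf:Description xmlns:dc='http://purl.org/dc/elements/1.1/'"
       b" xmlns:pdf='http://ns.adobe.com/pdf/1.3/'/></rdf:RDF></x:xmpmeta>"
       b"<?xpacket end='w'?>")


def _link_annot(uri: str) -> bytes:
    return (f"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
            f"/A << /S /URI /URI ({uri}) >> >>").encode()


def build_sample_pdf(farm_host="farm.example", farm_links=30, other_links=2) -> bytes:
    """Half of the link annotations as plain objects, half inside a simplified
    FlateDecode object stream, plus an uncompressed XMP metadata stream."""
    uris = [f"http://{farm_host}/book-{i}.pdf" for i in range(farm_links)]
    uris += [f"https://other{i}.example/ref.pdf" for i in range(other_links)]
    plain, packed = uris[: len(uris) // 2], uris[len(uris) // 2:]
    objs = [b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"]
    objs += [b"%d 0 obj\n" % (10 + i) + _link_annot(u) + b"\nendobj\n"
             for i, u in enumerate(plain)]
    comp = zlib.compress(b"\n".join(_link_annot(u) for u in packed))
    objs.append(b"3 0 obj\n<< /Type /ObjStm /Filter /FlateDecode /Length %d >>\n"
                b"stream\n" % len(comp) + comp + b"\nendstream\nendobj\n")
    objs.append(b"4 0 obj\n<< /Type /Metadata /Subtype /XML /Length %d >>\n"
                b"stream\n" % len(XMP) + XMP + b"\nendstream\nendobj\n")
    return b"%PDF-1.5\n" + b"".join(objs) + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    print(link_farm_verdict(build_sample_pdf()))
```

Run it against a real sample by reading the file bytes into `link_farm_verdict`; for production use, swap the regex extraction for a proper parser (object-stream headers, indirect /Length, hex strings) and keep the host-concentration rule, which is what separates a link farm from a bibliography.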