Malicious PDF — malware analysis report

Static analysis result for SHA-256 a6b2286a9e3d7f7c…

MALICIOUS

PDF

Size: 33.8 KB
Created: 2019-12-13 06:45:36 +03:00
Authoring application: TeX (via MiKTeX pdfTeX-1.40.9)
MD5: aac1d7c9f67e58c2579a6b51f74ce563
SHA-1: d2cd0c543463ffae654d7e72b1b68795b5a01f5e
SHA-256: a6b2286a9e3d7f7c330db9215cc88bbf0fb5431aeab7ebe06132d1923faa0b5a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to direct users to a large number of documents hosted on the same domain.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8215)

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.