Malicious PDF — malware analysis report

Static analysis result for SHA-256 abdf95a3d8bda95a…

MALICIOUS

PDF

File size: 44.3 KB
Created: 2018-12-15 20:01:07 +03:00
Authoring application: LaTeX with hyperref package (via PDFlib PLOP 2.0.0p6 (SunOS)/Acrobat Distiller 5.0.5 (Windows))
MD5: dfe1d50cc2d22530efb4a72d43e2c90c
SHA-1: f3076867e836768e49775668c6dd8e845258ee71
SHA-256: abdf95a3d8bda95a53447039edb15f80980f023cc8f1f6aac100fb067cf77987
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to direct users to external resources, likely for SEO manipulation or to serve as a distribution point for further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.