Malicious PDF — malware analysis report

Static analysis result for SHA-256 adc87ac7fd882cf9…

MALICIOUS

PDF

File size: 45.0 KB
Created: 2018-11-23 08:08:08 +03:00
Authoring application: LaTeX with hyperref package (via xdvipdfmx (0.7.8))
MD5: 7182ba7284446b5fb1f7bb111887453d
SHA-1: 60c752a42d2e7d7ebe6f709dda24acd130de2aed
SHA-256: adc87ac7fd882cf991b04a8fd616dcac66763e3ec245d5637f0bf90811065d24
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or redirection strategy to distribute malicious content. The ML classifier also flagged the PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.