Malicious PDF — malware analysis report

Static analysis result for SHA-256 afd48796d7f00b6a…

MALICIOUS

PDF

43.0 KB Created: 2018-11-26 20:09:30 +03:00 Authoring application: LaTeX with hyperref package (via PDFlib PLOP 2.0.0p6 (SunOS)/Acrobat Distiller 5.0.5 (Windows))
MD5: f9e5552843bb0ae73a1f025c7f0cf3f7 SHA-1: 94686ae97c7a3840579f3dd65e1438f3bbb7d5fa SHA-256: afd48796d7f00b6a2c869ba891be0a0a4c6250c5f1cd180e50c2dbe1fb05124d
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a link farm or content distribution strategy. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/handbook-of-antennas-for-emc-artech-house-antenna-library.pdf
    • http://www.gorillawalker.com/diy-herbal-gardening-discover-the-top-7-herbal-medicinal-plants.pdf
    • http://www.gorillawalker.com/mirror-mirror-kindle-edition.pdf
    • http://www.gorillawalker.com/nature-framed-at-home-in-the-landscape.pdf
    • http://www.gorillawalker.com/illinois-off-the-beaten-path-a-guide-to-unique-places.pdf
    • http://www.gorillawalker.com/juba-to-jive-a-dictionary-of-african-american-slang-penguin.pdf
    • http://www.gorillawalker.com/japanese-from-zero-4-proven-techniques-to-learn-japanese-for.pdf
    • http://www.gorillawalker.com/1947-the-end-of-the-raj-thirty-years-of-nonviolent.pdf
    • http://www.gorillawalker.com/south-america-bridgestone-books.pdf
    • http://www.gorillawalker.com/secret-sexual-positions-ancient-techniques-for-modern-lovers.pdf
    • http://www.gorillawalker.com/the-macropodoidea-fieldiana-geology-new-series-no-25-publication.pdf
    • http://www.gorillawalker.com/visions-of-aesthetics-the-environment-development-the-legacy-of-joachim.pdf
    • http://www.gorillawalker.com/phonics-lessons-letters-words-and-how-they-work-grade-k.pdf
    • http://www.gorillawalker.com/morris-jumel-mansion-images-of-america.pdf
    • http://www.gorillawalker.com/balkan-refrain-form-and-tradition-in-european-folk-song-europea.pdf
    • http://www.gorillawalker.com/handbook-of-semidefinite-programming-theory-algorithms-and-applications-international-series.pdf
    • http://www.gorillawalker.com/drawing-beautiful-women-the-frank-cho-method.pdf
    • http://www.gorillawalker.com/captain-ransom-texas-ranger.pdf
    • http://www.gorillawalker.com/guide-to-night-sounds-a-the-nighttime-sounds-of-60.pdf
    • http://www.gorillawalker.com/swing-into-english-book-2-bk-2.pdf
    • http://www.gorillawalker.com/privacy-rights-in-the-digital-era.pdf
    • http://www.gorillawalker.com/time-75-years-1923-1998-an-anniversary-celebration.pdf
    • http://www.gorillawalker.com/lost-in-mongolia-travels-in-hollywood-and-other-foreign-lands.pdf
    • http://www.gorillawalker.com/rajasthan.pdf
    • http://www.gorillawalker.com/getting-energy-prices-right-from-principle-to-practice.pdf
    • http://www.gorillawalker.com/the-illustrated-world-encyclopedia-of-butterflies-and-moths-a-natural.pdf
    • http://www.gorillawalker.com/archibald-cox-conscience-of-a-nation.pdf
    • http://www.gorillawalker.com/july-s-people-my-son-s-story-jump-and-other.pdf
    • http://www.gorillawalker.com/savage-season-the-first-hap-and-leonard-novel-hap-and.pdf
    • http://www.gorillawalker.com/thanksgiving-dinner-20-recipes-for-a-tasty-affair-kindle-edition.pdf
    • http://www.gorillawalker.com/puerto-rico-culture-politics-and-identity.pdf
    • http://www.gorillawalker.com/a-man-of-salt-and-trees-the-life-of-joy.pdf
    • http://www.gorillawalker.com/jani-ruscica-appendix.pdf
    • http://www.gorillawalker.com/bringing-fossils-to-life-an-introduction-to-paleobiology-kindle-edition.pdf
    • http://www.gorillawalker.com/heretic-of-set-anok-heretic-of-stygia-volume-ii.pdf
    • http://www.gorillawalker.com/loss-of-inhibitions.pdf
    • http://www.gorillawalker.com/short-course-in-beer-an-introduction-to-tasting-and-talking.pdf
    • http://www.gorillawalker.com/pediatric-cataract-surgery-techniques-complications-and-management.pdf
    • http://www.gorillawalker.com/wateryoga-water-assisted-poses-for-posture-flexibility-and-well-being.pdf
    • http://www.gorillawalker.com/precalculus-mathematics-for-calculus-wayne-state-university.pdf
    • http://www.gorillawalker.com/japanese-from-zero-4-proven-techniques-to-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.