Malicious PDF — malware analysis report

Static analysis result for SHA-256 b4d8f43fe0cbe098…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-11-15 19:36:03 +03:00
Authoring application: LaTeX with hyperref package (via dvips + ps2pdf)
MD5: 7416ed5a0a5742a4ec20160b2d0c61c2
SHA-1: 74cf1b411c5dd716835c92327be0c5b604a7ad18
SHA-256: b4d8f43fe0cbe09852350b2d52ed15372598517f2cb552e949a5782f91423b48
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by an ML classifier and contains a significant number of external links, indicating it functions as a link farm. The primary heuristic firing, PDF_SEO_LINK_FARM, confirms this behavior. The embedded URLs point to various PDF documents on the same domain, suggesting a coordinated effort to distribute content or manipulate search engine rankings.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.