Malicious PDF — malware analysis report

Static analysis result for SHA-256 b62204009f3b8d0b…

Verdict: MALICIOUS
File type: PDF
Size: 40.7 KB
Created: 2018-11-26 20:05:26 +03:00
Authoring application: TeX (via pdfTeX-0.13d)
MD5: 2e4802c12a59ad775a5d5f69d1cf1c39
SHA-1: a1bfe46641e4309c987a37735b1c70be48ef1926
SHA-256: b62204009f3b8d0be824ae873b0195604a420430fe1e65a28b3bda7cf44b286d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external websites, as flagged by the PDF_SEO_LINK_FARM heuristic, and the ML classifier also rated it malicious. No scripts were extracted, so the file carries no active code; the sheer volume of links nevertheless indicates malicious intent, most likely a link-farm carrier used to route readers into further malware delivery or SEO-based scams.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.