Malicious PDF — malware analysis report

Static analysis result for SHA-256 b6868ff115adebc0…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2019-01-06 08:24:31 +03:00
Authoring application: TeX (via pdfTeX-0.14h)
MD5: 4837959cd49efe2e9367b7a7b5c9e3b6
SHA-1: f62e803b7b7b46a91aec9124f4a3d54cee8a4ecd
SHA-256: b6868ff115adebc094e35207d80b8377b9a77d161a63ce60e0afda3e91c59601
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on the same domain. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.