Malicious PDF — malware analysis report

Static analysis result for SHA-256 b8203b7974313f99…

Verdict: MALICIOUS
File type: PDF
Size: 42.5 KB
Created: 2018-11-14 08:22:23 +03:00
Authoring application: TeX (via pdfTeX-0.14f)
MD5: d27b76ed9bbf1e52b8adef159402c3c2
SHA-1: 26a10643bf0e015fba01a30f2f23a635b7686e20
SHA-256: b8203b7974313f9995799ceaa5b1c72a61aa23e5da43cb59b237e3794d524409
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute further malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.