Malicious PDF — malware analysis report

Static analysis result for SHA-256 bf790d1910a87d1b…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2019-04-07 18:03:39 +03:00
Authoring application: TeXmacs-1.0.7.3 (via GPL Ghostscript 8.70)
MD5: f8929f491077932b9a140cef60714529
SHA-1: b262e3109454d8be7d52f66c9403ff78806c2667
SHA-256: bf790d1910a87d1b4b5e53b06c29a54d59a643abd460cc46a053afb6342b84ef
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, a technique often used for SEO manipulation or to host a large number of lures. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.