Malicious PDF — malware analysis report

Static analysis result for SHA-256 c197e835058cf942…

MALICIOUS

PDF

Size: 45.8 KB
Created: 2018-12-07 18:28:16 +03:00
Authoring application: LaTeX with hyperref package (via XeTeX 0.99992)
MD5: 32a060a9b74af1d3d6ebf11a897a6870
SHA-1: a2ddb2d3c48843d6986861db64e5f6f5a6999500
SHA-256: c197e835058cf942ab8953473dde89148eb0c704a17d143695ab9536f8e053be
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, all hosted on the same domain. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8600

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.