Malicious PDF — malware analysis report

Static analysis result for SHA-256 cb90f3d9c34bc940…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-12-15 08:33:44 +03:00
Authoring application: TeX (via pdfTeX-0.14h)
MD5: d2b6c66ae107b255569ebf3713503ba6
SHA-1: 0ed9cd95c0121ee7f54348d8b2c43d1033489a75
SHA-256: cb90f3d9c34bc9400f7c670404d84d0f70694404dbf10d22e6d2f87dec81d240
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute malicious content via numerous links. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.