Malicious PDF — malware analysis report

Static analysis result for SHA-256 ccb612f2e565ee07…

MALICIOUS

PDF

Size: 41.4 KB
Created: 2018-11-26 20:03:34 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.14)
MD5: c0feb8652becc78242c4ff5c13c4d2f5
SHA-1: 112daef823caf08be2d8ea12e08596f562bccc92
SHA-256: ccb612f2e565ee077c2415de0f79966e45bd6608d1c31ab94865ba96a44ed5d7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential link farm or distribution point for malicious content. The embedded URLs suggest a tactic to lure users to external sites, possibly for phishing or malware delivery. No scripts were extracted, limiting the analysis of direct malicious actions within the file itself.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.