Malicious PDF — malware analysis report

Static analysis result for SHA-256 cfa7bea8edf98382…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2018-12-07 18:29:20 +03:00
Authoring application: LaTeX with hyperref package (via xdvipdfmx (0.7.8))
MD5: 8b75b13359d7009a0ba678bc1f2bb135
SHA-1: 1f036bcd9cb5f0950ef047227f1126683aabe5e3
SHA-256: cfa7bea8edf9838226c5e4334cb0f6afa5bff669ef5679aaffcfeda1ec338573
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a large number of external links, which suggests a link farm or SEO manipulation tactic. The ML classifier also assigned a high probability of maliciousness. No scripts were extracted, but the sheer volume of links points to a non-standard document purpose, most likely directing users to malicious or spam content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.