Malicious PDF — malware analysis report

Static analysis result for SHA-256 d06d379e321a678b…

MALICIOUS

PDF

Size: 45.9 KB
Created: 2018-12-15 20:19:38 +03:00
Authoring application: TeX (via pdfTeX-1.40.17)
MD5: 8a7ffbfed86766af945e0021ffd77e80
SHA-1: a4cd70246549959de9c4fc2ec762f5d02c1fcf54
SHA-256: d06d379e321a678b7e7fca61c3eedeb7077b614876a99c6cc516b11faf63f867
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF carries dozens of clickable link annotations to external PDF files, which triggered the PDF_SEO_LINK_FARM heuristic; the ML_NYX_PDF_MALICIOUS classifier (Nyx, score 0.8634) also flagged the document. Nearly all of the links point to a single host, www.gorillawalker.com, which serves a large set of similarly named PDF files. That pattern is consistent with a generated SEO link farm used to route readers into malicious or unwanted-software delivery chains, not with the citation pattern of a genuine document. No JavaScript, embedded files or other scripts were extracted from this sample, so the T1059.001 (PowerShell) mapping is not substantiated by the static results; the links themselves are the delivery vector. The w3.org, purl.org, ns.adobe.com and aiim.org URIs listed under EMBEDDED_URL are standard XMP and PDF/A namespace identifiers from the metadata stream, not links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL label records which channel (macro, JS, link annotation, document body, XMP metadata, ...) reached each URL. This export lists the URLs without those labels: the www.gorillawalker.com entries are the clickable link annotations counted by PDF_SEO_LINK_FARM, and the w3.org, purl.org, ns.adobe.com and aiim.org entries are XMP/PDF-A namespace identifiers from the metadata stream.
    • http://www.gorillawalker.com/application-of-dimensional-analysis-in-economics.pdf
    • http://www.gorillawalker.com/igisol-three-decades-of-research-using-igisol-technique-at-the.pdf
    • http://www.gorillawalker.com/wood-knocks-tossed-rocks-searching-for-sasquatch-with-the-bigfoot.pdf
    • http://www.gorillawalker.com/the-lancet-london-volume-7-a-journal-of-british-and.pdf
    • http://www.gorillawalker.com/preventing-dance-injuries-2nd-edition.pdf
    • http://www.gorillawalker.com/what-really-happened-at-the-boston-tea-party-a-true.pdf
    • http://www.gorillawalker.com/the-diary-of-a-babydyke-in-transition-kindle-edition.pdf
    • http://www.gorillawalker.com/the-redleaf-calendar-keeper-2010-a-record-keeping-system-for.pdf
    • http://www.gorillawalker.com/wine-7-easy-steps-to-everything-you-need-to-know.pdf
    • http://www.gorillawalker.com/bundle-principles-of-macroeconomics-7th-aplia-printed-access-card-mankiw.pdf
    • http://www.gorillawalker.com/appropriate-building-materials.pdf
    • http://www.gorillawalker.com/unmaking-imperial-russia-mykhailo-hrushevsky-and-the-writing-of-ukrainian.pdf
    • http://www.gorillawalker.com/sew-deadly-southern-sewing-circle-series.pdf
    • http://www.gorillawalker.com/gu-a-para-invertir-a-largo-plazo-la-gu-a.pdf
    • http://www.gorillawalker.com/the-president-as-statesman-woodrow-wilson-and-the-constitution-modern.pdf
    • http://www.gorillawalker.com/learning-game-physics-with-bullet-physics-and-opengl-kindle-edition.pdf
    • http://www.gorillawalker.com/midnight-in-death.pdf
    • http://www.gorillawalker.com/an-optimist-is-buried-with-a-wine-collection-a-journey.pdf
    • http://www.gorillawalker.com/the-importance-of-upwelling-water-to-vertebrate-paleontology-and-oil.pdf
    • http://www.gorillawalker.com/ibn-sa-oud-of-arabia.pdf
    • http://www.gorillawalker.com/professional-nursing-concepts-challenges-7e-professional-nursing-concepts-and-challenges.pdf
    • http://www.gorillawalker.com/serfdom-and-slavery-studies-in-legal-bondage.pdf
    • http://www.gorillawalker.com/i-love-you-daddy-book-plush-book-and-soft-toy.pdf
    • http://www.gorillawalker.com/death-and-the-king-s-grey-hair-and-other-plays.pdf
    • http://www.gorillawalker.com/klassische-meisterwerke-f-r-querfl-te-leichte-st-cke-von.pdf
    • http://www.gorillawalker.com/servamp-vol-4.pdf
    • http://www.gorillawalker.com/my-secret-loss-finding-peace-after-abortion.pdf
    • http://www.gorillawalker.com/rediscovering-psychoanalysis-thinking-and-dreaming-learning-and-forgetting-the-new.pdf
    • http://www.gorillawalker.com/wargod-ogmios-team-novels-book-3-kindle-edition.pdf
    • http://www.gorillawalker.com/ring-of-steel-germany-and-austria-hungary-in-world-war.pdf
    • http://www.gorillawalker.com/finger-knitting-klutz.pdf
    • http://www.gorillawalker.com/managing-media-services-theory-and-practice.pdf
    • http://www.gorillawalker.com/benedictine-roots-in-the-development-of-deaf-education-listening-with.pdf
    • http://www.gorillawalker.com/moriori-a-people-rediscovered.pdf
    • http://www.gorillawalker.com/better-loving-through-chemistry-a-dreams-of-control-anthology.pdf
    • http://www.gorillawalker.com/pcr-investigation-of-ocular-infections-caused-by-candida-sp-prediction.pdf
    • http://www.gorillawalker.com/oracle-weblogic-server-12c-advanced-administration-cookbook-kindle-edition.pdf
    • http://www.gorillawalker.com/kosher-bridge-2-master-bridge-v-2.pdf
    • http://www.gorillawalker.com/jazz-note-for-note-keyboard-transcriptions.pdf
    • http://www.gorillawalker.com/the-new-ontario-gardener.pdf
    • http://www.gorillawalker.com/wood-knocks-tossed-rocks-searching-fo
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
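The two heuristics above, as an added example that is not part of this report or of the analyser's own code: a Python script that builds a constructed sample PDF, labels every extracted URL by the channel that carries it (link annotation versus XMP namespace declaration, the distinction the EMBEDDED_URL note refers to) and then applies a PDF_SEO_LINK_FARM-style check. The thresholds (100 KB, 20 links, 80 % of links on one host), the hosts in the samples and all function names are assumptions for illustration; compressed object streams, which real samples often use, are not decoded, and PDF literal strings with escaped parentheses are not handled.

```python
"""Added example (not the analyser's code): label PDF URLs by channel and
apply a link-farm heuristic. Thresholds and samples are assumptions."""
import re
from collections import Counter
from urllib.parse import urlparse

RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
DC_NS = "http://purl.org/dc/elements/1.1/"


def build_sample_pdf(link_urls):
    """Constructed sample: one page with one /Link annotation per URL plus an
    XMP metadata stream. xref/offsets are omitted; the scanner does not need them."""
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="' + RDF_NS.encode()
           + b'" xmlns:dc="' + DC_NS.encode() + b'"/></x:xmpmeta>')
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 3 0 R >>",
        b"<< /Type /Pages /Kids [4 0 R] /Count 1 >>",
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp) + xmp + b"\nendstream",
    ]
    annot_refs = b" ".join(b"%d 0 R" % (5 + i) for i in range(len(link_urls)))
    objs.append(b"<< /Type /Page /Parent 2 0 R /Annots [" + annot_refs + b"] >>")
    for url in link_urls:  # one clickable link annotation per URL
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10]"
                    b" /A << /S /URI /URI (" + url.encode() + b") >> >>")
    body = b"".join(b"%d 0 obj\n%s\nendobj\n" % (i + 1, o) for i, o in enumerate(objs))
    return b"%PDF-1.4\n" + body + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# /A << /S /URI /URI (target) >> is the action form of a clickable link annotation.
URI_ACTION = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")
STREAM_BODY = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
XMLNS_DECL = re.compile(rb'xmlns:[\w-]+="([^"]+)"')


def extract_urls(pdf):
    """Return {url: channel}. A URL is only a finding in context of its channel:
    link annotations are clickable, xmlns declarations in XMP metadata are not."""
    labels = {}
    for m in URI_ACTION.finditer(pdf):
        labels[m.group(1).decode("latin-1")] = "link_annotation"
    for stream in STREAM_BODY.finditer(pdf):  # uncompressed streams only (simplification)
        for m in XMLNS_DECL.finditer(stream.group(1)):
            labels.setdefault(m.group(1).decode("latin-1"), "xmp_namespace")
    return labels


def link_farm_verdict(pdf, max_size=100 * 1024, min_links=20, min_top_host_share=0.8):
    """PDF_SEO_LINK_FARM-style check with assumed thresholds: a small file whose
    clickable external .pdf links are numerous and dominated by a single host."""
    links = [u for u, ch in extract_urls(pdf).items() if ch == "link_annotation"]
    pdf_links = [u for u in links
                 if urlparse(u).scheme in ("http", "https")
                 and urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).netloc.lower() for u in pdf_links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / len(pdf_links) if pdf_links else 0.0
    fires = (len(pdf) <= max_size and len(pdf_links) >= min_links
             and share >= min_top_host_share)
    return {"size": len(pdf), "pdf_links": len(pdf_links), "top_host": top_host,
            "top_host_share": round(share, 3), "fires": fires}


if __name__ == "__main__":
    # Constructed inputs: a farm-like carrier and a document with two ordinary citations.
    farm = build_sample_pdf([f"http://farm.example/doc-{i}.pdf" for i in range(25)]
                            + ["http://other.example/x.pdf"])
    citation = build_sample_pdf(["https://doi.example/a.pdf", "https://arxiv.example/b.pdf"])
    for name, blob in (("farm", farm), ("citation", citation)):
        print(name, link_farm_verdict(blob))
    for url, channel in extract_urls(farm).items():
        print(f"{channel:16} {url}")
```

The channel label is what keeps the namespace URIs out of the count: a scanner that simply greps a PDF for `http://` would report nine extra "links" on a document like this one and dilute the single-host share that the heuristic keys on.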