Malicious PDF — malware analysis report

Static analysis result for SHA-256 d6f6b6b801055f63…

MALICIOUS

PDF

File size: 42.4 KB
Created: 2018-12-15 20:04:59 +03:00
Authoring application: TeX (via pdfTeX-0.13d)
MD5: f0fe2fdcb789ef0ae6d3d53faaaa4a77
SHA-1: db0affb7730d2980009703394c584cd87163880c
SHA-256: d6f6b6b801055f632bea156890f3dbf94c14cb56a5baf387c3c940e6ec002550
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier as malicious and contains a large number of embedded links to external PDF files. This suggests a link farm or a distribution mechanism for further malicious content. The primary attack pattern observed is the embedding of numerous URLs, likely to manipulate search engine results or to serve as a lure for users to download additional malicious files.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.