Malicious PDF — malware analysis report

Static analysis result for SHA-256 e097fbc99f018800…

MALICIOUS

PDF

File size: 40.1 KB
Created: 2019-03-17 06:59:39 +03:00
Authoring application: TeX (via MiKTeX pdfTeX-1.10b)
MD5: cd5639c0d3e9f74d7b2417882ca4fe23
SHA-1: d0af6dd4362c00c00b30145497371d0e836cee3d
SHA-256: e097fbc99f018800ff40afb498cca090326f15968323436b14ec4662ba555eda
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be SEO manipulation or directing users to a large collection of other documents hosted on the same domain, which could be used for various malicious purposes. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.