Malicious PDF — malware analysis report

Static analysis result for SHA-256 e687dfc5035bee75…

  • Verdict: MALICIOUS
  • File type: PDF
  • Size: 42.9 KB
  • Created: 2019-01-06 08:29:40 +03:00
  • Authoring application: TeX (via pdfTeX-0.14h)
  • MD5: 98c2ab3fae67411716ddb2269c96cf2a
  • SHA-1: 53e54d621915bbfd5a0feceba2d69d0e2d236eed
  • SHA-256: e687dfc5035bee75d2b3077f1feca86e92eac558afda8444d442025d3776c275
  • Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs suggest a link farm or distribution mechanism, likely for SEO manipulation or to serve further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.