Malicious PDF — malware analysis report

Static analysis result for SHA-256 ea9433330dc379c4…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2018-12-15 21:32:42 +03:00
Authoring application: TeX (via pdfTeX-1.40.9)
MD5: 62a3717e6e57be1d8cd1024acd81f285
SHA-1: 5c7036f19d1959f235f8916e0f87656438e838ff
SHA-256: ea9433330dc379c4c62ffa58bb000f26c7273e7bdec077e8fd6095363f6b5438
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, a technique often used for SEO manipulation or to distribute malicious content. The primary heuristic fired is PDF_SEO_LINK_FARM, triggered by 32 external links, the first of which is http://www.gorillawalker.com/knopf-mapguide-sydney.pdf. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9171)

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection: see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/knopf-mapguide-sydney.pdf
    • http://www.gorillawalker.com/time-honored-norwegian-recipes-adapted-to-the-american-kitchen.pdf
    • http://www.gorillawalker.com/btec-level-3-national-sport-book-2-book-2-btec.pdf
    • http://www.gorillawalker.com/practical-laboratory-skills-training-guides-gas-chromatography-valid-analytical-measurement.pdf
    • http://www.gorillawalker.com/the-billionaire-s-convenient-bride.pdf
    • http://www.gorillawalker.com/dramatizing-the-content-with-curriculum-based-readers-theatre-grades-6.pdf
    • http://www.gorillawalker.com/new-perspectives-on-html-and-xhtml-comprehensive.pdf
    • http://www.gorillawalker.com/new-dictionary-of-the-history-of-ideas-004.pdf
    • http://www.gorillawalker.com/mommy-s-best-kisses-board-book.pdf
    • http://www.gorillawalker.com/t-potencial-infinito-spanish-edition.pdf
    • http://www.gorillawalker.com/slave-masters-slave-trade-book-2.pdf
    • http://www.gorillawalker.com/raise-the-bar-an-action-based-method-for-maximum-customer.pdf
    • http://www.gorillawalker.com/talking-to-strangers-anxieties-of-citizenship-since-brown-v-board.pdf
    • http://www.gorillawalker.com/portable-literature-reading-reacting-writing-the-kirszner-mandell-literature-series.pdf
    • http://www.gorillawalker.com/bimbo-milk.pdf
    • http://www.gorillawalker.com/a-home-run-for-bunny.pdf
    • http://www.gorillawalker.com/all-that-life-can-afford-a-celebration-of-the-carlton.pdf
    • http://www.gorillawalker.com/masteringengineering-with-pearson-etext-standalone-access-card-for-engineering-mechanics.pdf
    • http://www.gorillawalker.com/encyclopedia-of-genetic-disorders-birth-defects.pdf
    • http://www.gorillawalker.com/the-paradox-of-sleep-the-story-of-dreaming.pdf
    • http://www.gorillawalker.com/force-and-motion-discovery-education-how-it-works.pdf
    • http://www.gorillawalker.com/bud-s-easy-term-paper-kit.pdf
    • http://www.gorillawalker.com/color-chemistry-3rd-edition.pdf
    • http://www.gorillawalker.com/chapter-007-prices-and-exchange-rates-purchasing-power-parity-kindle.pdf
    • http://www.gorillawalker.com/php-crash-course-the-ultimate-beginner-s-course-to-learning.pdf
    • http://www.gorillawalker.com/fractales-la-geometr-a-de-la-vida-con-fotos-spanish.pdf
    • http://www.gorillawalker.com/gender-and-information-technology-moving-beyond-access-to-co-create.pdf
    • http://www.gorillawalker.com/the-overstreet-comic-book-price-guide-1992.pdf
    • http://www.gorillawalker.com/living-life-as-a-thank-you-the-transformative-power-of.pdf
    • http://www.gorillawalker.com/i-esdras-from-origin-to-translation.pdf
    • http://www.gorillawalker.com/awesome-almanac-indiana.pdf
    • http://www.gorillawalker.com/gender-and-history-in-medieval-english-romance-and-chronicle-studies.pdf
    • http://www.gorillawalker.com/aussie-surfing-heroes-kindle-edition.pdf
    • http://www.gorillawalker.com/beginning-autocad-2016.pdf
    • http://www.gorillawalker.com/principal-actuarial-clerk-passbooks-career-examination-passbooks.pdf
    • http://www.gorillawalker.com/advances-in-diagnostic-and-therapeutic-ultrasound-imaging-bioinformatics-biomedical-imaging.pdf
    • http://www.gorillawalker.com/shrewd-as-serpents-and-innocent-as-doves-a-practical-security.pdf
    • http://www.gorillawalker.com/haunted-texas-ghosts-and-strange-phenomena-of-the-lone-star.pdf
    • http://www.gorillawalker.com/chasing-phantoms.pdf
    • http://www.gorillawalker.com/india-joint-venture-construction-plans-for-proposed-430-000-000.pdf
    • http://www.gorillawalker.com/new-perspect
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/