Malicious PDF — malware analysis report

Static analysis result for SHA-256 ef7d65531165ec54…

MALICIOUS

PDF

Size: 40.3 KB
Created: 2018-11-26 20:07:28 +03:00
Authoring application: TeX (via pdfTeX-0.14h)
MD5: ce9a1e7b18f864bdf133a0d254cb5c8a
SHA-1: c3751fa1602e06ca46d3886b64e4bc5447f05062
SHA-256: ef7d65531165ec543d340155306924ad22489e4caba4d6d391ab16addaba24f7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or redirection scheme. The ML classifier also flagged the PDF as malicious. Although no scripts were extracted, the sheer volume of links points to malicious intent, likely to distribute malware or phish users through these external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.