Malicious PDF — malware analysis report

Static analysis result for SHA-256 f31d560b970623b4…

MALICIOUS

PDF

Size: 33.5 KB
Created: 2020-02-20 04:52:05 +03:00
Authoring application: LaTeX with hyperref package (via PDFlib PLOP 2.0.0p6 (SunOS)/Acrobat Distiller 5.0.5 (Windows))
MD5: 4f0d9d76d3e51fa37bbcf0337c6ea1a8
SHA-1: 2f77c15cb40fdca22bd8be2a14e6bee36b5cf264
SHA-256: f31d560b970623b421b74bdfba50ca0f2256b66d4e9b140b3324fde76774b9ef
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO manipulation or content distribution scheme. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a link farm or a method to distribute further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.