Malicious PDF — malware analysis report

Static analysis result for SHA-256 fab8ef2869b74207…

MALICIOUS

PDF

Size: 41.1 KB
Created: 2018-12-05 08:13:41 +03:00
Authoring application: LaTeX with hyperref package (via PDFlib PLOP 2.0.0p6 (SunOS)/Acrobat Distiller 5.0.5 (Windows))
MD5: dac82cde2d176b84465843bdbfb8c119
SHA-1: 960f683866ee7de9c81b381d4803d604b9f54146
SHA-256: fab8ef2869b74207753611876ecc6ce69a6a411acbc6efa4e81b0e0a1d11dfe4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated and does not provide clear user-facing text, but the sheer volume of links suggests malicious intent, likely SEO manipulation or directing users to potentially harmful content hosted on the linked domains.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8242

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.