Malicious PDF — malware analysis report

Static analysis result for SHA-256 ffa947ee07d08ab1…

MALICIOUS

PDF

Size: 45.4 KB
Created: 2019-01-06 08:24:34 +03:00
Authoring application: TeXmacs-1.0.7.3 (via GPL Ghostscript 8.70)
MD5: 6926588989792243f8ad543e2467dbd5
SHA-1: 376a6026bc9f99f29197f2696d46c462b8fe956a
SHA-256: ffa947ee07d08ab1f344f120738d8ca92eebb02ffdc3db0da3524540c47ba969
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be directing users to a website hosting numerous documents, potentially for SEO manipulation or to serve as a distribution point for other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9005

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.