Malicious PDF — malware analysis report

Static analysis result for SHA-256 0ab6b57debba01b0…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-11-30 20:34:18 +03:00
Authoring application: AH XSL Formatter V6.1 MR6 for Windows (x64) : 6.1.11.18624 (via Antenna House PDF Output Library 6.1.610 (Windows (x64)))
MD5: 2ef6c09fbaea5da865315baaf9bc7ad2
SHA-1: f66e49820493123c454febf0246292da08b22982
SHA-256: 0ab6b57debba01b088ebb9db491798fbd72f845b00d0063f1ee2bea3abe54a90
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample was identified as malicious by an ML classifier and exhibits a PDF_SEO_LINK_FARM heuristic, indicating it contains a large number of external PDF links. These links, such as http://www.gorillawalker.com/beautiful-joe-a-dog-s-own-story.pdf, are likely intended to manipulate search engine rankings or serve as a distribution point for further malicious content. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.