Malicious PDF — malware analysis report

Static analysis result for SHA-256 1aa56e3765cf10fb…

Verdict: MALICIOUS
File type: PDF
Size: 32.7 KB
Created: 2020-01-17 19:19:15 +03:00
Authoring application: QuarkXPress: pictwpstops filter 1.0 (via Acrobat Distiller 6.0 for Macintosh)
MD5: 3abfa6e892d930d017d4dcdbb05f5307
SHA-1: 2530e3b6b213506f2fdf47ea34baad7db6ec27d5
SHA-256: 1aa56e3765cf10fb107fda4ca2e5954d7ea305412e4524815bba27bb5561d208
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document. The primary attack pattern appears to be a link farm, likely for SEO manipulation or to distribute other malicious content, rather than a direct exploit. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.