Malicious PDF — malware analysis report

Static analysis result for SHA-256 5da93003a5829a5e…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2018-11-30 20:09:24 +03:00
Authoring application: Adobe Illustrator CS5.1 (via GPL Ghostscript 9.10)
MD5: 83dc15a9370ac31bc9742e1ab8cd2a5d
SHA-1: a61c2a3af290ef5f04242274ab80ddf087598396
SHA-256: 5da93003a5829a5ed785e667349cf7c73ed420e632e5f9f68ab185d7f0320487
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests an attempt to manipulate search engine results or to distribute a large volume of potentially malicious content. The ML classifier also flagged the document as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.