Malicious PDF — malware analysis report

Static analysis result for SHA-256 661668087aa0eb7b…

MALICIOUS

PDF

34.5 KB Created: 2019-11-10 05:17:55 +03:00 Authoring application: Adobe InDesign CS5 (7.0.4) (via Adobe PDF Library 9.9)
MD5: 56f794975ad385f805abf9dcd12768ea SHA-1: 272d2673d94fd237af64cd6b1262ebbdcda299ac SHA-256: 661668087aa0eb7b6e65fc53f71e17717d7e94e781d1832d0aa9180b860cacae
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be SEO manipulation or potentially distributing further malicious content through these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8531

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/lonely-planet-reisef-hrer-china-lonely-planet-reisef-hrer-deutsch.pdf
    • http://www.gorillawalker.com/stories-of-a-street-performer-the-memoirs-of-a-master.pdf
    • http://www.gorillawalker.com/by-michelin-travel-publications-michelin-green-guide-perou-peru-in.pdf
    • http://www.gorillawalker.com/dark-heat-the-dark-kings-stories.pdf
    • http://www.gorillawalker.com/poet-in-our-time-signature.pdf
    • http://www.gorillawalker.com/chinese-made-nice-easy-languages-made-nice-easy.pdf
    • http://www.gorillawalker.com/introduction-to-cataloguing-practice.pdf
    • http://www.gorillawalker.com/atlanta-1864-sherman-marches-south-campaign.pdf
    • http://www.gorillawalker.com/the-practical-nomad-guide-to-the-online-travel-marketplace.pdf
    • http://www.gorillawalker.com/essential-mandarin-chinese-phrase-book-essential-phrasebook-series.pdf
    • http://www.gorillawalker.com/native-trees-of-western-washington-a-photographic-guide.pdf
    • http://www.gorillawalker.com/repentance.pdf
    • http://www.gorillawalker.com/der-demographische-wandel-und-seine-auswirkungen-auf-das-bildungssystem-in.pdf
    • http://www.gorillawalker.com/meet-the-ancient-egyptians-niles-and-niles-of-fun-the.pdf
    • http://www.gorillawalker.com/great-body-percussion-songs-themed-songs-for-singing-schools-the.pdf
    • http://www.gorillawalker.com/us-army-technical-manual-troubleshooting-operator-level-5-ton-6x6.pdf
    • http://www.gorillawalker.com/case-studies-in-natural-medicine.pdf
    • http://www.gorillawalker.com/dive-guide-south-africa-over-180-top-dive-and-snorkel.pdf
    • http://www.gorillawalker.com/reason-interpretation-and-islam-essays-in-the-philosophy-religion.pdf
    • http://www.gorillawalker.com/wind-raker.pdf
    • http://www.gorillawalker.com/exotic-options-and-hybrids-a-guide-to-structuring-pricing-and.pdf
    • http://www.gorillawalker.com/tested-advertising-methods-prentice-hall-business-classics.pdf
    • http://www.gorillawalker.com/i-m-chocolate-you-re-vanilla-raising-healthy-black-and.pdf
    • http://www.gorillawalker.com/metal-detecting-learning-how-the-easy-way.pdf
    • http://www.gorillawalker.com/ceramic-manufacturing-practices-and-technologies-ceramic-transactions-vol-70.pdf
    • http://www.gorillawalker.com/logische-untersuchungen-zweiter-band-untersuchungen-zur-ph-nomenologie-und-theorie.pdf
    • http://www.gorillawalker.com/the-greatest-pop-hits-of-1999-so-far-trombone.pdf
    • http://www.gorillawalker.com/project-management-tools-and-techniques-a-practical-guide.pdf
    • http://www.gorillawalker.com/cognitive-behaviour-therapy-100-key-points-and-techniques.pdf
    • http://www.gorillawalker.com/occupational-exposure-to-hazardous-chemicals-in-laboratories-sudoc-l-1.pdf
    • http://www.gorillawalker.com/gonzo.pdf
    • http://www.gorillawalker.com/dreary-izzy.pdf
    • http://www.gorillawalker.com/louder-than-words-a-mother-s-journey-in-healing-autism.pdf
    • http://www.gorillawalker.com/trend-trading-set-ups-entering-and-exiting-trends-for-maximum.pdf
    • http://www.gorillawalker.com/fortran-with-engineering-applications.pdf
    • http://www.gorillawalker.com/the-science-of-etymology.pdf
    • http://www.gorillawalker.com/the-extraordinary-adventures-of-ad-le-blanc-sec-pterror-over.pdf
    • http://www.gorillawalker.com/markov-random-fields-for-vision-and-image-processing.pdf
    • http://www.gorillawalker.com/billionaire-untamed-bbw-werelion-shifter-menage-the-pride-book-1.pdf
    • http://www.gorillawalker.com/historical-dictionary-of-nuclear-biological-and-chemical-warfare-historical-dictionaries.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.