Malicious PDF — malware analysis report

Static analysis result for SHA-256 688005ca399a5fb6…

Verdict: MALICIOUS
File type: PDF
Size: 41.2 KB
Created: 2019-02-14 08:12:22 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Adobe PDF Library 9.0)
MD5: efab7625989d7e0aeeeb5326d387bb83
SHA-1: fc82636778d2b58bc7c27509faf66c2c039a265b
SHA-256: 688005ca399a5fb6a82bed511f0e0ac0f0ed96fca0564fe87b5caad7364c21d6
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, identified by the PDF_SEO_LINK_FARM heuristic. While no scripts were extracted from the file, the ML_NYX_PDF_MALICIOUS heuristic and the sheer volume of external links pointing at a single host indicate malicious intent, most likely SEO poisoning or routing victims into a further malware delivery chain. The embedded URLs are the primary IOCs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/blue-guide-paris-versailles-9th-ed.pdf
    • http://www.gorillawalker.com/arte-po.pdf
    • http://www.gorillawalker.com/the-easy-way-to-chinese-cooking-traditional-recipes-and-cooking.pdf
    • http://www.gorillawalker.com/insight-flexi-map-kuala-lumpur-insight-flexi-maps-of-unknown.pdf
    • http://www.gorillawalker.com/a-less-perfect-union.pdf
    • http://www.gorillawalker.com/engineering-manual-of-automatic-control-for-commercial-buildings-i-p.pdf
    • http://www.gorillawalker.com/the-ness-of-brodgar.pdf
    • http://www.gorillawalker.com/absidioles-harp-solo.pdf
    • http://www.gorillawalker.com/minecraft-50-creative-furniture-ideas-kindle-edition.pdf
    • http://www.gorillawalker.com/daring-to-win-special-forces-at-war.pdf
    • http://www.gorillawalker.com/divali-we-love-festivals.pdf
    • http://www.gorillawalker.com/liberalism-concepts-social-thought.pdf
    • http://www.gorillawalker.com/mug-ems-meals-more.pdf
    • http://www.gorillawalker.com/psychopharmakologie-to-go-ein-praxisorientierter-berblick-ber-psychopharmaka-in-der.pdf
    • http://www.gorillawalker.com/mali-cultures-of-the-world.pdf
    • http://www.gorillawalker.com/crimson-dawn-the-exilon-5-trilogy-volume-3.pdf
    • http://www.gorillawalker.com/in-search-of-human-nature.pdf
    • http://www.gorillawalker.com/how-carrots-won-the-trojan-war-curious-but-true-stories.pdf
    • http://www.gorillawalker.com/101-questions-adventists-ask.pdf
    • http://www.gorillawalker.com/love-on-the-rocks-men-women-and-alcohol-in-post.pdf
    • http://www.gorillawalker.com/utah-2013-deluxe-wall-calendar.pdf
    • http://www.gorillawalker.com/an-anthology-of-captain-and-the-kids-comics.pdf
    • http://www.gorillawalker.com/analytic-geometry-with-introductory-chapter-on-the-calculus.pdf
    • http://www.gorillawalker.com/essential-help-for-your-nerves-recover-from-nervous-fatigue-and.pdf
    • http://www.gorillawalker.com/doodle-texas-doodle-books.pdf
    • http://www.gorillawalker.com/a-road-back-from-schizophrenia-a-memoir.pdf
    • http://www.gorillawalker.com/mourning-sickness-hegel-and-the-french-revolution-cultural-memory-in.pdf
    • http://www.gorillawalker.com/mural-xxl-what-graffiti-and-street-art-did-next.pdf
    • http://www.gorillawalker.com/policing-methamphetamine-narcopolitics-in-rural-america.pdf
    • http://www.gorillawalker.com/the-berlin-aging-study-aging-from-70-to-100.pdf
    • http://www.gorillawalker.com/harry-potter-magical-music-from-the-first-five-years-at.pdf
    • http://www.gorillawalker.com/mart-guix-food-designing.pdf
    • http://www.gorillawalker.com/common-stocks-as-long-term-investments.pdf
    • http://www.gorillawalker.com/educacion-de-los-aztecas-the-aztecs-education-spanish-edition.pdf
    • http://www.gorillawalker.com/concrete-pipes-and-pipelines.pdf
    • http://www.gorillawalker.com/fundamentals-of-nursing-2-volume-set.pdf
    • http://www.gorillawalker.com/poetry-for-young-people-robert-browning.pdf
    • http://www.gorillawalker.com/formation-and-struggles-the-church-ad-33-450-the-birth.pdf
    • http://www.gorillawalker.com/monkey-kung-fu-history-tradition.pdf
    • http://www.gorillawalker.com/practical-design-of-ships-and-mobile-units-developments-in-marine.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/