Malicious PDF — malware analysis report

Static analysis result for SHA-256 770382372aaaaaed…

MALICIOUS

PDF

  • Size: 42.5 KB
  • Created: 2019-03-18 08:34:18 +03:00
  • Authoring application: Adobe Illustrator CS3 (via Adobe PDF library 8.00)
  • MD5: 71e49ec7e7fc764cc33102d5c2827959
  • SHA-1: 3337415598761360ee77a78368fc2ed67d9118a5
  • SHA-256: 770382372aaaaaedc4e836307e78b06b7335be6db90b79f4afddf6669f476281
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF triggered the 'PDF_SEO_LINK_FARM' heuristic, which indicates a large number of embedded external links. The ML classifier also flagged the PDF as malicious. Although no scripts were extracted, the sheer volume of links suggests malicious intent, possibly to distribute further malware or to engage in SEO-based phishing. The document body was unreadable, which prevented a more specific analysis of the lure.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.