Malicious PDF — malware analysis report

Static analysis result for SHA-256 a6b96f5a0fa48e17…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2020-02-08 21:01:01 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 11.0 (Windows))
MD5: ec08f31822356afb2140ad838702d554
SHA-1: 4048a07e65564ee8fb8932ef004b5edf8bc1355b
SHA-256: a6b96f5a0fa48e17951e7a88ab3a989f0f1c90347670522b34171117166f78a1
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the creation of a link farm designed to direct users to a multitude of external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.