Malicious PDF — malware analysis report

Static analysis result for SHA-256 aa21f6bac01d6614…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2019-03-17 12:30:58 +03:00
Authoring application: Microsoft Word: AdobePS 8.7.3 (301) (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: 0ac50590e7cb62de54c2d3ce0db3213f
SHA-1: 2a54db1d0eb42dec96746552b0e95528ddb37a38
SHA-256: aa21f6bac01d661490cfcc77c7c0857fd9446f58395a8d88fa24cd06dc793815
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample, and the document body was heavily obfuscated, making it difficult to determine the exact nature of the lure beyond the link farm. The primary attack pattern involves directing users to a large collection of external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.