Malicious PDF — malware analysis report

Static analysis result for SHA-256 aa2df21d47eca782…

MALICIOUS

PDF

Size: 40.9 KB
Created: 2018-12-11 20:46:52 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: eb8d55388c248a93039ac82ab14fcfae
SHA-1: 76f69ea20a40d31d3402b74f37a733229cad08cc
SHA-256: aa2df21d47eca7828736a290b979e9fab59f6d30053b2c73bd2f6119b0850e87
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The embedded URLs point primarily to a single domain, suggesting a coordinated effort to manipulate search engine results or redirect users to potentially malicious content hosted on that domain. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.