Malicious PDF — malware analysis report

Static analysis result for SHA-256 aa788ecfa635054c…

Verdict: MALICIOUS
File type: PDF
Size: 43.0 KB
Created: 2018-12-02 10:56:55 +03:00
Authoring application: - (via Apache FOP Version 0.93)
MD5: 2b0369d1868bf7f07be6445fcbb5ad0a
SHA-1: 58c46922e52fc9e86a2fa92da3d9c151768890e9
SHA-256: aa788ecfa635054cc78e81df34183145382bbeb2f8414631f99b0fdaa073d429
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.001 Command and Scripting Interpreter: PowerShell (provisional: the static analysis below extracted no script content, so this mapping is not supported by evidence on this page and should be confirmed dynamically before it is used for detection)

The PDF carries a large number of clickable link annotations that point at external PDF files, almost all on one host, which triggered the PDF_SEO_LINK_FARM heuristic; the ML classifier independently scored the file as malicious (0.8872). No script content was extracted, so the verdict rests on the link pattern and the classifier rather than on an embedded payload. A 43 KB file generated by Apache FOP with dozens of outbound links to one host matches generated SEO/link-farm carriers that route readers into unwanted-software or malware delivery chains, not a document with a normal citation pattern. The document body could not be read, so the lure text could not be analysed; the risk lies in where the links lead, and the linked host is the pivot for any follow-up investigation.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/disputers-of-the-tao-philosophical-argument-in-ancient-china.pdf
    • http://www.gorillawalker.com/asian-nurse-hotties-adult-picture-book-kindle-edition.pdf
    • http://www.gorillawalker.com/silent-warfare-managing-nuclear-chemical-biological-wmd-disasters.pdf
    • http://www.gorillawalker.com/intern-affairs-lesbian-doctor-sex.pdf
    • http://www.gorillawalker.com/following-the-indian-wars-the-story-of-the-newspaper-correspondents.pdf
    • http://www.gorillawalker.com/insatiable-the-compelling-story-of-four-teens-food-and-its.pdf
    • http://www.gorillawalker.com/the-neanderthal-legacy-an-archaeological-perspective-from-western-europe.pdf
    • http://www.gorillawalker.com/the-lady-or-the-tiger.pdf
    • http://www.gorillawalker.com/00104-15-introduction-to-power-tools-trainee-guide.pdf
    • http://www.gorillawalker.com/the-american-dream-the-sandbox-the-death-of-bessie-smith.pdf
    • http://www.gorillawalker.com/mexican-americans-american-mexicans-from-conquistadors-to-chicanos-american-century.pdf
    • http://www.gorillawalker.com/journal-d-un-degonfle-t2-rodrick-fait-sa-loi-diary.pdf
    • http://www.gorillawalker.com/seeking-her-mates-boxed-set-a-shifter-menage-serial-all.pdf
    • http://www.gorillawalker.com/assassin-s-creed-el-cakr-vol-5.pdf
    • http://www.gorillawalker.com/emma-dover-thrift-editions.pdf
    • http://www.gorillawalker.com/stay-alive-4-flood.pdf
    • http://www.gorillawalker.com/if-i-were-an-astronaut-dream-big.pdf
    • http://www.gorillawalker.com/liverpool-docks-images-of-england.pdf
    • http://www.gorillawalker.com/harry-potter-and-the-chamber-of-secrets-2003-calendar.pdf
    • http://www.gorillawalker.com/the-black.pdf
    • http://www.gorillawalker.com/hidden-in-the-rubble-a-haitian-pilgrimage-to-compassion-and.pdf
    • http://www.gorillawalker.com/capture-of-bcr-abl-for-induction-of-apoptosis-in-chronic.pdf
    • http://www.gorillawalker.com/aini-akbari-in-books.pdf
    • http://www.gorillawalker.com/construction-materials-for-civil-structural-engineering-part-i-concrete.pdf
    • http://www.gorillawalker.com/the-orb-of-truth.pdf
    • http://www.gorillawalker.com/the-handbook-of-family-dispute-resolution-mediation-theory-and-practice.pdf
    • http://www.gorillawalker.com/resilience-reflections-on-the-burdens-and-gifts-of-facing-life.pdf
    • http://www.gorillawalker.com/introduction-to-64-bit-assembly-programming-for-linux-and-os.pdf
    • http://www.gorillawalker.com/suddenly-sixty-and-other-shocks-of-later-life.pdf
    • http://www.gorillawalker.com/gallium-nitride-based-technologies-spie-critical-reviews-vol-cr83.pdf
    • http://www.gorillawalker.com/advanced-chess-tactics.pdf
    • http://www.gorillawalker.com/secrets-from-the-vinyl-cafe.pdf
    • http://www.gorillawalker.com/desserts-and-drinks-for-any-occasion-easy-to-prepare-desserts.pdf
    • http://www.gorillawalker.com/iconographer-s-sketchbook-drawings-and-patterns-the-postnikov-collection-the.pdf
    • http://www.gorillawalker.com/essential-mathematics-for-life-essential-mathematics-for-life-series.pdf
    • http://www.gorillawalker.com/toxin.pdf
    • http://www.gorillawalker.com/resilience-discovering-a-new-strength-at-times-of-stress.pdf
    • http://www.gorillawalker.com/yemen-sudoc-prex-3-10-4-y-3-11.pdf
    • http://www.gorillawalker.com/the-art-of-the-limerick-hardcover.pdf
    • http://www.gorillawalker.com/easyjet-the-story-of-england-s-biggest-low-cost-airline.pdf
    • http://www.gorillawalker.com/foll
    Namespace URIs from the XMP metadata stream (RDF, Dublin Core, XMP, PDF and PDF/A schema identifiers written by the producing application; these are not clickable links and carry no weight in the link-farm verdict):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
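The following is an added example, not the analysis platform's own code, showing how a PDF_SEO_LINK_FARM-style check and the EMBEDDED_URL channel distinction can be reproduced with the Python standard library. It extracts URIs from link-annotation /URI actions (the clickable channel), separately collects xmlns namespace declarations from the XMP metadata stream (the non-clickable channel), and flags a small file whose external links cluster on one host. The sample PDFs are constructed in memory, the host www.link-farm.example is a placeholder, and the thresholds (256 KB, 20 links, 80% single-host share) are assumptions chosen for illustration; the real heuristic's parameters are not published on this page.

```python
"""Toy PDF_SEO_LINK_FARM check (added example, stdlib only).

Separates clickable link-annotation URIs from XMP namespace URIs and flags
small PDFs whose external links cluster on a single host. Thresholds and
sample hosts are illustrative assumptions, not the platform's real tuning.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# /URI (literal string) inside a URI action dictionary. Handles backslash
# escapes; hex-string (<...>) URIs and annotations inside compressed object
# streams are not handled, so decompress real samples first.
URI_ACTION_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Schema namespace declarations in the XMP metadata stream (not clickable).
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_]+="([^"]+)"')


def build_sample_pdf(urls, namespaces):
    """Construct a minimal single-page PDF: one /Link annotation per URL plus an
    XMP metadata stream declaring the given (prefix, namespace) pairs. The xref
    table is omitted, so this is input for the extractor, not for a viewer."""
    objs, refs, num = [], [], 4
    for u in urls:
        objs.append(b"%d 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 10] "
                    b"/A << /S /URI /URI (%s) >> >>\nendobj\n" % (num, u.encode()))
        refs.append(b"%d 0 R" % num)
        num += 1
    decls = b" ".join(b'xmlns:%s="%s"' % (p.encode(), ns.encode()) for p, ns in namespaces)
    xmp = b"<x:xmpmeta><rdf:RDF %s></rdf:RDF></x:xmpmeta>" % decls
    objs.append(b"%d 0 obj\n<< /Type /Metadata /Subtype /XML /Length %d >>\n"
                b"stream\n%s\nendstream\nendobj\n" % (num, len(xmp), xmp))
    head = (b"%%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /Metadata %d 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
            b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
            b"/Annots [%s] >>\nendobj\n" % (num, b" ".join(refs)))
    return head + b"".join(objs) + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def extract_link_uris(pdf_bytes):
    """URIs reachable through link-annotation /URI actions (clickable channel)."""
    return [m.group(1).decode("latin-1") for m in URI_ACTION_RE.finditer(pdf_bytes)]


def extract_xmp_namespaces(pdf_bytes):
    """Namespace URIs declared in XMP metadata: schema identifiers, not links."""
    return [m.group(1).decode("latin-1") for m in XMLNS_RE.finditer(pdf_bytes)]


def link_farm_verdict(pdf_bytes, max_size=256 * 1024, min_links=20, min_host_share=0.8):
    """Flag a small PDF whose clickable external links cluster on one host.
    Thresholds are illustrative assumptions, not the platform's real tuning."""
    hosts = Counter()
    for u in extract_link_uris(pdf_bytes):
        parts = urlsplit(u)
        if parts.scheme in ("http", "https") and parts.hostname:
            hosts[parts.hostname] += 1
    total = sum(hosts.values())
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / total if total else 0.0
    flagged = len(pdf_bytes) <= max_size and total >= min_links and share >= min_host_share
    return {"size": len(pdf_bytes), "external_links": total, "top_host": top_host,
            "top_host_share": round(share, 4), "flagged": flagged}


# Constructed sample data (placeholder hosts, not the real sample's URLs).
FARM_HOST = "www.link-farm.example"
FARM_URLS = ["http://%s/title-%02d.pdf" % (FARM_HOST, i) for i in range(30)]
OTHER_URLS = ["https://www.example.org/a.pdf", "https://www.example.net/b.pdf"]
XMP_NS = [("rdf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#"),
          ("dc", "http://purl.org/dc/elements/1.1/"),
          ("pdf", "http://ns.adobe.com/pdf/1.3/")]

SAMPLE_FARM_PDF = build_sample_pdf(FARM_URLS + OTHER_URLS, XMP_NS)
SAMPLE_BENIGN_PDF = build_sample_pdf(OTHER_URLS + ["https://doi.example/x"], XMP_NS)

if __name__ == "__main__":
    for name, pdf in (("farm", SAMPLE_FARM_PDF), ("benign", SAMPLE_BENIGN_PDF)):
        print(name, link_farm_verdict(pdf))
    print("xmp namespaces (not links):", extract_xmp_namespaces(SAMPLE_FARM_PDF))
```

On a real sample, run the file through `qpdf --qdf --object-streams=disable in.pdf out.pdf` first so that annotations stored in compressed object streams become visible to the regex; a production extractor would walk the object tree with a PDF parser instead. The point of keeping the two extractors separate is the one the EMBEDDED_URL note makes: the XMP namespace URIs are evidence of the producing toolchain, not of where a click will take the reader.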