Malicious PDF — malware analysis report

Static analysis result for SHA-256 aa88bf6b6deeff8f…

MALICIOUS

PDF

  • File size: 43.2 KB
  • Created: 2019-04-11 04:10:23 +03:00
  • Authoring application: Adobe Acrobat Pro 11.0.0
  • MD5: affb8333002ddb73674c5ba44a52c55b
  • SHA-1: 0a5e4bfd0d853bd9a13dee7662dafa806c7f29f8
  • SHA-256: aa88bf6b6deeff8f443cc8ff8d32f8238a044711451e79846781fcea7c0eea8d
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO spam or redirection of users to malicious content. The document body is heavily obfuscated and does not provide further clues.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.