Malicious PDF — malware analysis report

Static analysis result for SHA-256 aabfc6928756e26f…

MALICIOUS

PDF

Size: 32.9 KB
Created: 2019-12-13 19:47:58 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 1cbef5d73d6ab584c07e536bd30cf3c4
SHA-1: 10345b54e4cd5edb3043ad1b83c0bb60d9c8396f
SHA-256: aabfc6928756e26fdd9629e350870c65025ddd3d309ef7d87c5d274a1f57f409
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.