Malicious PDF — malware analysis report

Static analysis result for SHA-256 aaea0452f853edcc…

MALICIOUS

PDF

Size: 33.1 KB
Created: 2019-12-14 12:41:32 +03:00
Authoring application: Acrobat PDFMaker 9.1 для Word (via Adobe PDF Library 9.0)
MD5: fdac6982879f33dfe6160b2308d57549
SHA-1: 3055f960b0d3f3b696c21f7814cd8c4a2a100107
SHA-256: aaea0452f853edccacd0596acdb7591c5d0f7533ef80623b11c2386d7cadd6d1
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files, suggesting a link farm or SEO poisoning attempt. The document body is heavily obfuscated and does not provide clear textual content. The primary attack pattern involves directing users to a large collection of URLs, likely for malicious redirection or content delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.