Malicious PDF — malware analysis report

Static analysis result for SHA-256 abaab0e96586dcaf…

MALICIOUS

PDF

42.9 KB
Created: 2019-02-13 19:56:23 +03:00
Authoring application: AutoCAD 2010 2010 (18.0s (LMS Tech)) (via pdfplot10.hdi 10.0.55.0)
MD5: 4d3d47a822a7528e552e817f964175de
SHA-1: b6ce87c281bea7a7641f74f1088aa2cd87850003
SHA-256: abaab0e96586dcaf7d4e8ed7b148a259d56e9b5a2f9752189ccd982b94d880b6
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a significant number of embedded links to external PDF files hosted on gorillawalker.com. This suggests a link farm or content distribution strategy. The primary attack pattern is likely SEO manipulation or potentially hosting malicious content disguised as legitimate documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.