Malicious PDF — malware analysis report

Static analysis result for SHA-256 abb1dc627baf7eee…

Verdict: MALICIOUS
File type: PDF
Size: 41.2 KB
Created: 2018-11-26 20:06:47 +03:00
Authoring application: Adobe Illustrator CS5.1 (via GPL Ghostscript 9.10)
MD5: a6eada5e3ca4ff46040218d0f618944c
SHA-1: d9de6de2e1872e4cd9e070568ba364a113cc572b
SHA-256: abb1dc627baf7eee5014e00d365bd89f40d7f2456d915995b155b2bed3998041
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be the distribution of a large number of links, likely to manipulate search engine results or to serve as a distribution point for other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.