Malicious PDF — malware analysis report

Static analysis result for SHA-256 abb284af14d62f39…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2018-11-30 20:09:08 +03:00
Authoring application: Adobe InDesign CS5 (7.0.4) (via Adobe PDF Library 9.9)
MD5: 4003563ea4153db0119792ce06088b44
SHA-1: f1e935cca714c3712507387f29a2f809c929403e
SHA-256: abb284af14d62f394428038364935c86694de9a6e4a7df7a99bb5ac65f7837b0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or direct users to potentially malicious content hosted on the linked domains. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.