Malicious PDF — malware analysis report

Static analysis result for SHA-256 abcc3a01496af160…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-12-02 10:56:31 +03:00
Authoring application: AH XSL Formatter V6.1 MR1 for Linux64 : 6.1.6.12100 (via Antenna House PDF Output Library 6.1.420 (Linux64); modified using iText 2.1.7 by 1T3XT)
MD5: 1205e8c5a0809712152410d25588a1ff
SHA-1: 61301ea3aa8cedc46cf118f31b35af6e81929c98
SHA-256: abcc3a01496af160c61ef0872bd5eff6d6c20b9b006340a2964d2ff76efec7f6
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1598 External Remote Services

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files on the same domain, suggesting a link farm or a method to distribute content. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.