Malicious PDF — malware analysis report

Static analysis result for SHA-256 abdc87d52227b9f8…

Verdict: MALICIOUS
File type: PDF
Size: 46.4 KB
Created: 2019-02-14 08:25:49 +03:00
Authoring application: Adobe Acrobat 10.1 (via Adobe Acrobat 10.1 Paper Capture Plug-in)
MD5: 63410f316f2d5a46619815beb570bde4
SHA-1: 5451e96ea4313ffa845523824ecf82bb0ec58141
SHA-256: abdc87d52227b9f89b392a794b3468b30a88977800e33515f49b7b5172035dc0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO spam or distribution of further malware. The document body was heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.7924)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.