Malicious PDF — malware analysis report

Static analysis result for SHA-256 1191db111420b2b4…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-12-15 20:01:46 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: 17fb2585bcc90cd493c22167c5f48ade
SHA-1: 2e0761755c6d61c3838669b909e9431fae68acea
SHA-256: 1191db111420b2b4d9034bc955382ff8977e52f4e4a53afb6bf70c918f37b429
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, primarily hosted on 'gorillawalker.com'. This technique, identified by the PDF_SEO_LINK_FARM heuristic, suggests an attempt to manipulate search engine rankings or to distribute a large volume of content, potentially as a lure or to obscure malicious activity. The ML classifier also flagged the PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8242

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.