Malicious PDF — malware analysis report

Static analysis result for SHA-256 18057b308c1444ec…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-12-15 20:01:15 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.0.0 (Windows))
MD5: 525c7bc267ffd371b851b8bb64c29281
SHA-1: ae040752bc524f52a14d6e90541fed05c5a3eb4c
SHA-256: 18057b308c1444ecefdb770f334da57740b8d47394cd620dad4ead988497c8e1
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be SEO manipulation or distributing links to other potentially malicious documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.