Malicious PDF — malware analysis report

Static analysis result for SHA-256 180e14ca3ba329e2…

MALICIOUS

PDF

42.4 KB
Created: 2018-11-30 01:49:27 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 11.0)
MD5: 718b7c8285393df14d4d9885b8f7c33c
SHA-1: 7ac1b4bb3ce3dbb43f009b666f3d4aec75c3561f
SHA-256: 180e14ca3ba329e24163b8c74d8c620d1b54e8bf006635ecf209344e7d17a30c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'www.gorillawalker.com', which is indicative of a link farm or SEO manipulation tactic. While no scripts were explicitly extracted, the heuristic 'PDF_SEO_LINK_FARM' and the sheer volume of URLs suggest malicious intent to drive traffic or potentially distribute further content. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.