Malicious PDF — malware analysis report

Static analysis result for SHA-256 18200d98eb590883…

MALICIOUS

PDF

Size: 44.4 KB
Created: 2019-04-08 22:39:17 +03:00
Authoring application: Adobe Acrobat 8.0 (via Adobe Acrobat 8.0 Image Conversion Plug-in)
MD5: afb400d92d19dbe43207f05dd71455cc
SHA-1: 6422a55190a0c4ded73f0f34b1a1c42512962bca
SHA-256: 18200d98eb5908835651206cddafe74883886840515a00434a0705b19d4750ff
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A heuristic fired on this PDF indicating a link farm: 32 external PDF links are embedded within the document. The document body also contains numerous URLs pointing to external PDF files, suggesting a tactic to manipulate search engine results or distribute content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8824

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.