Malicious PDF — malware analysis report

Static analysis result for SHA-256 18217360eee8211c…

MALICIOUS

PDF

File size: 43.7 KB
Created: 2018-12-14 20:07:17 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 11.0)
MD5: 2b7d4168e7680994e19c21f16ca5b31a
SHA-1: 091f1fde74e6b9041306fe75e6fd7e23d182d842
SHA-256: 18217360eee8211c132eb9f41a490f2922a42d161dde87a4f2c2841c75c26148
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a large number of embedded URLs pointing to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be the creation of a link farm, likely to manipulate search engine rankings or to serve as a distribution point for other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.