Malicious PDF — malware analysis report

Static analysis result for SHA-256 182b86f4041e8a59…

  • Verdict: MALICIOUS
  • File type: PDF
  • Size: 44.0 KB
  • Created: 2018-11-30 20:31:48 +03:00
  • Authoring application: Adobe Illustrator CS2 (via Adobe PDF library 7.77)
  • MD5: d9f42ee07c9353f445aa70e6e24a35a9
  • SHA-1: 879b92f9ad96c4035ff4f531c97ec4ad7582a49d
  • SHA-256: 182b86f4041e8a59e4c2cbfedd7336890a3ff997cc82e0fe72209bc770c73c99
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, primarily hosted on 'gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute potentially malicious content. While no scripts were explicitly extracted, the ML classifier and the PDF_SEO_LINK_FARM heuristic strongly suggest malicious intent. The document body appears to be truncated and unreadable, preventing a more detailed analysis of its specific lure.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9016)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.