Malicious PDF — malware analysis report

Static analysis result for SHA-256 18a055791a1e8184…

MALICIOUS

PDF

Size: 43.4 KB
Created: 2018-11-14 08:38:25 +03:00
Authoring application: Adobe Acrobat 8.1 Combine Files (via Acrobat Distiller 8.1.0 (Windows))
MD5: 2111071d0819ea1fca1a5150ca06a9a5
SHA-1: 0d1a58afde9306f558d58a6cb7b1656fc4f7089f
SHA-256: 18a055791a1e8184ef1a23e40cf4a8c112692bd26f0e43d7f0d646b3c2ebb71a
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests an attempt to manipulate search engine results or redirect users to potentially malicious content hosted on the 'gorillawalker.com' domain. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.