Malicious PDF — malware analysis report

Static analysis result for SHA-256 18a5304d51ce26be…

Verdict: MALICIOUS
File type: PDF
Size: 46.7 KB
Created: 2018-12-02 20:13:01 +03:00
Authoring application: TeX (via pdfTeX-1.40.16)
MD5: d7e4cbc06b22917bc9e46211ff7f9278
SHA-1: 9322030f830b184f06d6dbfb2adf2e98a07a3d05
SHA-256: 18a5304d51ce26be2377ea290d69475143da4806fd8cd605fa7f09e3b2f7d087
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF carries 40 clickable links to external .pdf paths, every one of them on www.gorillawalker.com, which is what triggered the PDF_SEO_LINK_FARM heuristic. A small, pdfTeX-generated document whose links all land on a single host is the signature of a generated link-farm carrier rather than a document citing its sources, and such carriers are used to route users into malicious or unwanted-software delivery chains. The remaining extracted URIs are XMP metadata namespace identifiers (RDF, Dublin Core, Adobe XMP, PDF/A), not links. No scripts were extracted, and the document body was unreadable, so the specific lure text could not be assessed.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/my-body-is-where-i-live.pdf
    • http://www.gorillawalker.com/the-2009-2014-world-outlook-for-automobile-lighting-equipment-excluding.pdf
    • http://www.gorillawalker.com/on-the-border-of-fire-origins-of-the-national-religious.pdf
    • http://www.gorillawalker.com/the-shiny-seventh-the-7th-service-battalion-bedfordshire-regiment-at.pdf
    • http://www.gorillawalker.com/remote-sensing-in-soil-science-volume-15-developments-in-soil.pdf
    • http://www.gorillawalker.com/the-yada-yada-prayer-group-gets-rolling-party-edition-with.pdf
    • http://www.gorillawalker.com/vertical-gardening-for-beginners-ideas-for-growing-beautiful-space-saving.pdf
    • http://www.gorillawalker.com/a-diary-of-the-japanese-occupation-december-7-1941-may.pdf
    • http://www.gorillawalker.com/pacto-fiscal-en-guatemala-lecciones-de-una-negociaci.pdf
    • http://www.gorillawalker.com/the-interventional-cardiac-catheterization-handbook-3e.pdf
    • http://www.gorillawalker.com/power-powerlessness-in-jewish-history.pdf
    • http://www.gorillawalker.com/john-cena-the-rock-100-things-all-wwe-fans-should.pdf
    • http://www.gorillawalker.com/nanda-devi-the-tragic-expedition.pdf
    • http://www.gorillawalker.com/annihilation-a-novel-the-southern-reach-trilogy.pdf
    • http://www.gorillawalker.com/joseph-haydn-nelson-mass-missa-in-angustiis-vocal-score-sop.pdf
    • http://www.gorillawalker.com/limit-algebras-an-introduction-to-subalgebras-pitman-research-notes-in.pdf
    • http://www.gorillawalker.com/langenscheidt-s-hebrew-english-english-hebrew-pocket-dictionary.pdf
    • http://www.gorillawalker.com/life-application-study-bible-indexed-nasb.pdf
    • http://www.gorillawalker.com/collins-complete-photography-manual.pdf
    • http://www.gorillawalker.com/job-the-story-of-a-holocaust-survivor.pdf
    • http://www.gorillawalker.com/culture-and-the-senses-embodiment-identity-and-well-being-in.pdf
    • http://www.gorillawalker.com/the-rebirths-of-tao-tao-series-book-three.pdf
    • http://www.gorillawalker.com/aristocracy-and-its-enemies-in-the-age-of-revolution.pdf
    • http://www.gorillawalker.com/cape-cod-the-delaplaine-2014-long-weekend-guide-long-weekend.pdf
    • http://www.gorillawalker.com/only-this.pdf
    • http://www.gorillawalker.com/military-sketching-and-map-reading-including-panoramic-sketching-and-aerial.pdf
    • http://www.gorillawalker.com/mendel-s-principles-of-heredity-a-defence-classic-reprint.pdf
    • http://www.gorillawalker.com/ocala-national-forest-images-of-america-arcadia-publishing-images-of.pdf
    • http://www.gorillawalker.com/threat-level-red-the-disavowed-book-3-kindle-edition.pdf
    • http://www.gorillawalker.com/play-showtime-for-alto-saxophone-bk-2-hits-from-the.pdf
    • http://www.gorillawalker.com/children-s-book-about-tigers-kindle-edition.pdf
    • http://www.gorillawalker.com/company-law-and-csr-new-legal-and-economic-challenges.pdf
    • http://www.gorillawalker.com/how-to-secure-your-h-1b-visa-a-practical-guide.pdf
    • http://www.gorillawalker.com/land-of-the-great-image.pdf
    • http://www.gorillawalker.com/taxi-driver-wisdom.pdf
    • http://www.gorillawalker.com/totally-tasteless-and-inappropriate-status-updates-from-my-social-media.pdf
    • http://www.gorillawalker.com/oae-assessment-of-professional-knowledge-multi-age-pk-12-004.pdf
    • http://www.gorillawalker.com/reborn-vol-14.pdf
    • http://www.gorillawalker.com/williams-sonoma-complete-pasta-cookbook-williams-sonoma-complete-cookbooks.pdf
    • http://www.gorillawalker.com/nonprofit-law-for-religious-organizations-essential-questions-answers.pdf
    The remaining extracted URIs are XMP metadata namespace identifiers (RDF, Dublin Core, Adobe XMP and PDF/A schemas) declared in the document's metadata stream, not clickable link targets:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
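The two heuristics above describe a detection rule (small file, many clickable external links clustered on one host) and a labelling rule (record which channel reached each URL, since a URL on its own is not a detection). The following Python is an added example written for this page, not the scanner's own code, showing how both fit together over raw PDF bytes: link annotations with a /URI action are one channel and xmlns declarations in the XMP metadata stream are another, and only the first channel feeds the link-farm score, which is why the RDF/Dublin Core/Adobe namespace URIs listed above never count as links. The channel names, the thresholds (200 KB, 20 links, 80 % on one host) and the `.invalid` farm host are assumptions for illustration; the sample PDF is constructed in the block and is not the analysed file. The regex extraction handles literal `(...)` strings in uncompressed objects only; hex strings, objects packed in /ObjStm, and other action types (/GoToR, /Launch, /SubmitForm) need a real parser such as pypdf in production.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Channel labels (assumed names, in the spirit of the report's per-URL labels).
LINK_ANNOT = "link_annotation"   # /Subtype /Link annotation carrying a /URI action
XMP_NS = "xmp_namespace"          # xmlns declaration inside the XMP /Metadata stream

# String operand of a URI action: /A << /S /URI /URI (http://...) >>. The name
# token after /S is not followed by "(", so only the target string matches.
# Limitation: literal strings in uncompressed objects only; hex strings and
# objects packed in /ObjStm need a real parser such as pypdf.
URI_ACTION_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
XMLNS_RE = re.compile(rb'xmlns:\w+="([^"]+)"')


def extract_urls(pdf: bytes) -> list[tuple[str, str]]:
    """Return (channel, url) pairs: which channel reached each URL, not just the URL."""
    found = [(LINK_ANNOT, m.group(1).decode("latin-1")) for m in URI_ACTION_RE.finditer(pdf)]
    found += [(XMP_NS, m.group(1).decode("latin-1")) for m in XMLNS_RE.finditer(pdf)]
    return found


def score_link_farm(pdf: bytes, *, max_size: int = 200_000, min_links: int = 20,
                    min_host_share: float = 0.8) -> dict:
    """Re-implementation of a small-PDF link-farm heuristic: many clickable external
    links, mostly on one host, in a small file. Thresholds are illustrative assumptions."""
    links = [u for ch, u in extract_urls(pdf) if ch == LINK_ANNOT]  # XMP URIs never count
    hosts = Counter(urlparse(u).hostname for u in links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_n / len(links) if links else 0.0
    return {
        "size": len(pdf),
        "link_count": len(links),
        "pdf_target_count": sum(urlparse(u).path.lower().endswith(".pdf") for u in links),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "PDF_SEO_LINK_FARM": len(pdf) <= max_size and len(links) >= min_links
                             and share >= min_host_share,
    }


def build_sample_pdf(link_urls: list[str], xmp_namespaces: dict[str, str]) -> bytes:
    """Constructed fixture: a minimal uncompressed PDF with one page whose /Annots are
    URI link annotations, plus an XMP /Metadata stream. Not the analysed file."""
    objs, annot_refs = {}, []
    for i, url in enumerate(link_urls):
        num = 5 + i
        annot_refs.append(f"{num} 0 R")
        objs[num] = (f"<< /Type /Annot /Subtype /Link /Rect [72 {700 - 14 * i} 400 {712 - 14 * i}]"
                     f" /Border [0 0 0] /A << /S /URI /URI ({url}) >> >>")
    xmp = "<rdf:RDF " + " ".join(f'xmlns:{p}="{u}"' for p, u in xmp_namespaces.items()) + "></rdf:RDF>"
    objs[4] = f"<< /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\nstream\n{xmp}\nendstream"
    objs[3] = f"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [{' '.join(annot_refs)}] >>"
    objs[2] = "<< /Type /Pages /Kids [3 0 R] /Count 1 >>"
    objs[1] = "<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>"
    out, offsets = b"%PDF-1.4\n", {}
    for num in sorted(objs):
        offsets[num] = len(out)
        out += f"{num} 0 obj\n{objs[num]}\nendobj\n".encode("latin-1")
    xref_pos, n = len(out), max(objs) + 1
    out += f"xref\n0 {n}\n0000000000 65535 f \n".encode()
    out += b"".join(f"{offsets[k]:010d} 00000 n \n".encode() for k in range(1, n))
    out += f"trailer\n<< /Size {n} /Root 1 0 R >>\nstartxref\n{xref_pos}\n%%EOF\n".encode()
    return out


# Constructed inputs. The farm host is invented (.invalid TLD), not the report's domain;
# the namespace URIs are the standard XMP/RDF ones that also appear in the report.
FARM_URLS = [f"http://www.example-farm.invalid/title-{i:02d}.pdf" for i in range(38)] + [
    "http://other.example.invalid/one.pdf", "https://cdn.example.invalid/two.pdf"]
XMP_NAMESPACES = {
    "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
    "dc": "http://purl.org/dc/elements/1.1/",
    "xmp": "http://ns.adobe.com/xap/1.0/",
    "pdf": "http://ns.adobe.com/pdf/1.3/",
}
SAMPLE_PDF = build_sample_pdf(FARM_URLS, XMP_NAMESPACES)               # link-farm shape
BENIGN_PDF = build_sample_pdf(["https://doi.example.invalid/10.1000/a.pdf",
                               "https://pub.example.invalid/b.pdf"], XMP_NAMESPACES)  # two citations

if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        print(name, score_link_farm(doc))
    for ch, url in extract_urls(SAMPLE_PDF)[-4:]:
        print(ch, url)
```

Running the block scores the constructed farm-shaped document as a hit (40 links, 95 % on one host, a few kilobytes) and the two-citation document as clean, while the four XMP namespace URIs come back labelled `xmp_namespace` and are excluded from both counts. Tune `min_host_share` rather than `min_links` first when adapting this to real samples: legitimate bibliographies also produce dozens of links, but rarely to one host.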