Malicious PDF — malware analysis report

Static analysis result for SHA-256 099b36f768cae06d…

MALICIOUS

PDF

Size: 45.0 KB
Created: 2019-01-06 08:03:58 +03:00
Authoring application: Sejda (Ver. 1.0.0.M6-SNAPSHOT) (via iText 2.1.7 by 1T3XT)
MD5: 2f1547a63dbf4b3b69dbb7c3f0ed3bd3
SHA-1: eea8179660fbf25164ada8dd04bdbfe9f032abbd
SHA-256: 099b36f768cae06ddb07f08f58643c4c09f6a66e8e31aaa1b6b3a088aa56aa15
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a vast collection of URLs, likely for SEO spam or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.