Malicious PDF — malware analysis report

Static analysis result for SHA-256 98f88e6e286f2a6f…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2018-12-15 08:16:43 +03:00
Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 3.0 for Windows)
MD5: 9814c88bc8b6966390237e7023ef8937
SHA-1: eaa2cebdc270afa004bf527ed292708fff40a23a
SHA-256: 98f88e6e286f2a6f67c9c1b909b1dc449cc29045b1fd508b86517d967a16cfd4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged as malicious by a machine learning classifier and contains a significant number of external links to other PDF documents hosted on the same domain. This behavior is indicative of a link farm or an SEO poisoning attack, designed either to boost search engine rankings or to redirect users to potentially harmful content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.