Malicious PDF — malware analysis report

Static analysis result for SHA-256 98fc4618aa972efd…

MALICIOUS

PDF

File size: 34.8 KB
Created: 2020-02-08 18:40:00 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 11.0 (Windows))
MD5: f860ddcc1893ed690a3dbe567bf581f4
SHA-1: 28c808d613e8a68cdfa29f2a6f65163114f7e066
SHA-256: 98fc4618aa972efddbf551ab970c2d214c2c167254baf78120e310e4a8c5caf3
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of external links to PDF documents on the domain www.gorillawalker.com. This behavior is indicative of a link farm or a distribution mechanism for further malicious content, potentially related to SEO manipulation or phishing lures. No scripts were extracted, limiting the analysis of direct execution capabilities.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8315

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.