Malicious PDF — malware analysis report

Static analysis result for SHA-256 99b9ee62da47499a…

MALICIOUS

PDF

Size: 41.5 KB
Created: 2019-04-10 12:10:09 +03:00
Authoring application: tFPDF 1.03
MD5: 7b4be9f530fe77124bead6feefe16885
SHA-1: 3a4be7533714d82fa3735f3cd9e3fa38ab1a7f99
SHA-256: 99b9ee62da47499a2af60685403dcd7d19e1b8a0078d5b178816418cd60e0b7b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to direct users to numerous external resources, likely for SEO manipulation or to serve as a distribution point for further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9006

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.