Malicious PDF — malware analysis report

Static analysis result for SHA-256 99bb5bcae5c53f99…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2019-03-17 08:21:41 +03:00
Authoring application: FrameMaker 7.2 (via Acrobat Distiller 7.0 (Windows))
MD5: 9a77f057aa3d8c62f14026fe82c272d6
SHA-1: f42a0409d6b9cb0d3e1942c18875dbcb3bc77707
SHA-256: 99bb5bcae5c53f999a767e71d6160ad269875db701e2419c0a16cd777904971e
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this as malicious. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links suggests a malicious intent, possibly for SEO manipulation or to distribute further malware. The primary IOCs are the URLs pointing to the linked PDF files.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.