Malicious PDF — malware analysis report

Static analysis result for SHA-256 99f02961b6dc4230…

MALICIOUS

PDF

  • Size: 41.1 KB
  • Created: 2018-12-28 08:08:50 +03:00
  • Authoring application: Acrobat Elements 10.0.0 (Windows)
  • MD5: 45c82c09fd305cb8e5219a85344f990e
  • SHA-1: 631d70e662c4892878e9616d4e22bbcd3b869be7
  • SHA-256: 99f02961b6dc42304e6b8052eb1d085367429772f927286519bcdc0dd1e7df25
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be SEO manipulation or directing users to a large collection of potentially malicious or unwanted content hosted on gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.