Malicious PDF — malware analysis report

Static analysis result for SHA-256 99f5901ef5897027…

Verdict: MALICIOUS
Risk score: 90
File type: PDF
Size: 43.3 KB
Created: 2018-11-30 20:34:24 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.61)
MD5: 1097b42f934e6366e71c63decdca310a
SHA-1: 486491b8c132e5305895fd4ecc649e02b4554215
SHA-256: 99f5901ef5897027b733fa9b5052d738d955047d60a25efaedf863f5f23c16da

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated, but the presence of numerous links suggests a campaign focused on driving traffic to these external resources, potentially for SEO manipulation or to host further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.