Malicious PDF — malware analysis report

Static analysis result for SHA-256 99fa1c8916545ee4…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2018-11-14 10:41:53 +03:00
Authoring application: Adobe InDesign CS4 (6.0) (via Adobe PDF Library 9.0)
MD5: 0433336a07f3b15dc4f9331bbb9db0a4
SHA-1: 59fb36103672b905936e60d4d19280e5a22b7872
SHA-256: 99fa1c8916545ee42bb04f437cb5613ccaa68a610b9d7014d30ef203963ea141
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs point to various PDF documents hosted on 'gorillawalker.com', suggesting a link farm or SEO manipulation tactic. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.