Malicious PDF — malware analysis report

Static analysis result for SHA-256 a99a83d0839750ec…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2019-04-10 12:10:10 +03:00
Authoring application: Adobe PageMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 263c1410de9d2d9707bc97f066e37eb9
SHA-1: 49c95ee0f01307f37e57daf4c0305e69b447637f
SHA-256: a99a83d0839750ecb2e7384103cc25a1557cb4cc60cb797f1dea739b6a299234
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. The PDF_SEO_LINK_FARM heuristic fired on this pattern, which indicates a potential attempt to manipulate search engine results or distribute malicious content through a link farm. The ML classifier also flagged the PDF as malicious. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine the exact user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9005

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.