Malicious PDF — malware analysis report

Static analysis result for SHA-256 f099dbcf233659dc…

MALICIOUS

PDF

Size: 44.4 KB
Created: 2019-04-30 15:57:50 +03:00
Authoring application: - (via Xerox Fiery DC250 2.0[EFI Cyclone])
MD5: ab53210840cac86d52d9ea813c8d902f
SHA-1: b7c9a3dadec0096b2811647246c5c2ca31989d95
SHA-256: f099dbcf233659dc1825d8cb30d3bd8afc35ec4d4badf1fd558489db4779ebea
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or a method to distribute malicious content through seemingly legitimate documents. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.