Malicious PDF — malware analysis report

Static analysis result for SHA-256 f99ba1ca122b4a9e…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2018-11-30 20:24:54 +03:00
Authoring application: www.freepdfconvert.com (via http://www.freepdfconvert.com)
MD5: c32dd66bda9395f9848032354015a1c1
SHA-1: 5b5f54ed08de7ce5006bb43caf4109c3a3e83935
SHA-256: f99ba1ca122b4a9ea5ab8e6b50335e7f1bca407641f024911ee243660ecbcae3
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm, likely intended to manipulate search engine rankings or redirect users to potentially harmful websites. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.