Malicious PDF — malware analysis report

Static analysis result for SHA-256 ff99865018a9b5ca…

MALICIOUS

Type: PDF
Size: 40.9 KB
Created: 2019-03-17 13:08:55 +03:00
Authoring application: ScanSnap Manager (via Acrobat Distiller 10.1.7 (Windows))
MD5: b7c3783c0227d43fe3372bac2d8fba7a
SHA-1: 40a5c18e4ac4b70235aaa9fb928aecb2d7db53ba
SHA-256: ff99865018a9b5ca87c5bd4420f49cffed920deab01b219070d8a08c5cc9a041
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged this document with high confidence (score 0.9181). The document body is heavily obfuscated and offers no clear textual lure, but the volume of clickable links, almost all of them pointing to .pdf paths on a single host (www.gorillawalker.com), matches generated SEO/link-farm carriers rather than a normal citation pattern; the likely purpose is search-engine manipulation or routing readers into further malware or unwanted-software delivery. No embedded scripts were extracted from this sample, so the risk lies in where the links lead rather than in code that runs when the file is opened.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-color-of-truth-mcgeorge-bundy-and-william-bundy-brothers.pdf
    • http://www.gorillawalker.com/catastrophic-care-how-american-health-care-killed-my-father-and.pdf
    • http://www.gorillawalker.com/civilian-oversight-of-policing.pdf
    • http://www.gorillawalker.com/how-to-land-a-top-paying-webmasters-job-your-complete.pdf
    • http://www.gorillawalker.com/thomas-guide-2000-sacramento-county-including-portions-of-placer-and.pdf
    • http://www.gorillawalker.com/we-moon-2016-calendar-quantum-leap-year.pdf
    • http://www.gorillawalker.com/concerto-for-violin-cello-and-orchestra-rt-vii-5-full.pdf
    • http://www.gorillawalker.com/boss-radio-khj-in-the-neon-fun-jungle-kindle-edition.pdf
    • http://www.gorillawalker.com/the-men-behind-the-curtain.pdf
    • http://www.gorillawalker.com/predestined-for-hell.pdf
    • http://www.gorillawalker.com/pirate-tales-salty-s-tales.pdf
    • http://www.gorillawalker.com/quilts-of-the-southwest.pdf
    • http://www.gorillawalker.com/the-passion-of-music-and-dance-body-gender-and-sexuality.pdf
    • http://www.gorillawalker.com/your-right-to-child-custody-visitation-and-support-4e-legal.pdf
    • http://www.gorillawalker.com/nothing-but-the-blues.pdf
    • http://www.gorillawalker.com/vassalord-volume-2-v-2.pdf
    • http://www.gorillawalker.com/uncensored-sex-pictures-of-a-horny-blonde-college-girl-stripping.pdf
    • http://www.gorillawalker.com/a-highlander-of-her-own.pdf
    • http://www.gorillawalker.com/cimarosa-carol.pdf
    • http://www.gorillawalker.com/personal-finance.pdf
    • http://www.gorillawalker.com/encyclopedia-brown-and-the-case-of-the-disgusting-sneakers.pdf
    • http://www.gorillawalker.com/chemical-theatre.pdf
    • http://www.gorillawalker.com/tales-of-time-and-space.pdf
    • http://www.gorillawalker.com/ace-your-medical-school-interview-includes-multiple-mini-interviews-mmi.pdf
    • http://www.gorillawalker.com/adoramus-te-five-settings-for-two-trumpets-and-two-trombones.pdf
    • http://www.gorillawalker.com/landscape-photographer-of-year-4-landscape-photographer-of-the-year.pdf
    • http://www.gorillawalker.com/hockey-girl.pdf
    • http://www.gorillawalker.com/swahili-exercises.pdf
    • http://www.gorillawalker.com/understanding-the-cultural-landscape.pdf
    • http://www.gorillawalker.com/15-1-quiz-book.pdf
    • http://www.gorillawalker.com/how-to-start-a-home-based-dj-business-home-based.pdf
    • http://www.gorillawalker.com/vampire-roadtrip-raina-kindle-edition.pdf
    • http://www.gorillawalker.com/vegetarian-cooking-vegetarian-sichuan-dan-dan-noodles-vegetarian-cooking-vege.pdf
    • http://www.gorillawalker.com/in-their-own-way-discovering-and-encouraging-your-child-s.pdf
    • http://www.gorillawalker.com/ocular-angiogenesis-diseases-mechanisms-and-therapeutics-ophthalmology-research.pdf
    • http://www.gorillawalker.com/fractal-aggregate-random-media-analysis-and-applications-paperback.pdf
    • http://www.gorillawalker.com/the-watched-trilogy-kindle-edition.pdf
    • http://www.gorillawalker.com/gift-horse-phantom-stallion-no-9.pdf
    • http://www.gorillawalker.com/days-of-valor-an-inside-account-of-the-bloodiest-six.pdf
    • http://www.gorillawalker.com/language-context-and-text-aspects-of-language-in-a-social.pdf
    • http://www.gorillawalker.com/
    Namespace URIs from the document's XMP metadata stream (RDF, Dublin Core, Adobe XMP and PDF/A schema identifiers). These are not clickable links and are expected in any PDF that carries XMP metadata:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
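The PDF_SEO_LINK_FARM heuristic above combines three observations: the file is small, it carries many clickable links whose targets are external .pdf paths, and those targets cluster on one host. The script below is an added example that re-implements such a check for triage; it is not the vendor's detector, and the thresholds (200 KB, 20 links, 80% on one host) and the example hosts are assumptions chosen for illustration. It builds two constructed PDFs in memory (a link-farm-like carrier and a normal citing document), pulls the /URI targets out of their link annotations with a regex, and scores them.

```python
"""Toy link-farm heuristic for PDF triage (illustrative, not the vendor's code)."""
import re
from collections import Counter
from urllib.parse import urlparse

# Hypothetical thresholds; the report does not publish the real cut-offs.
MAX_SIZE_BYTES = 200 * 1024   # what counts as a "small" PDF
MIN_EXTERNAL_PDF_LINKS = 20   # what counts as a "mass" of links
MIN_TOP_HOST_SHARE = 0.8      # "mostly clustered on one host"

# Matches the target of a /URI action in an uncompressed link annotation.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def extract_link_uris(pdf_bytes: bytes) -> list[str]:
    """Return /URI action targets found in plain (uncompressed) annotations.

    Caveat: real samples often keep annotations inside compressed object
    streams or use hex strings; there, extract URIs with a proper PDF parser
    and pass them to link_farm_score() instead of relying on this regex.
    """
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(pdf_bytes)]


def link_farm_score(pdf_bytes: bytes) -> dict:
    """Score a PDF against the size / link-count / host-clustering criteria."""
    uris = extract_link_uris(pdf_bytes)
    external_pdf = [
        u for u in uris
        if urlparse(u).scheme in ("http", "https")
        and urlparse(u).path.lower().endswith(".pdf")
    ]
    hosts = Counter(urlparse(u).netloc.lower() for u in external_pdf)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(external_pdf) if external_pdf else 0.0
    flagged = (
        len(pdf_bytes) <= MAX_SIZE_BYTES
        and len(external_pdf) >= MIN_EXTERNAL_PDF_LINKS
        and share >= MIN_TOP_HOST_SHARE
    )
    return {
        "size": len(pdf_bytes),
        "uri_count": len(uris),
        "external_pdf_links": len(external_pdf),
        "top_host": top_host,
        "top_host_share": share,
        "flagged": flagged,
    }


def build_sample_pdf(urls: list[str]) -> bytes:
    """Constructed minimal PDF: one page whose /Annots are /Link annotations with /URI actions."""
    annots = "".join(
        "<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
        f"/A << /S /URI /URI ({u}) >> >>\n"
        for u in urls
    )
    body = (
        "%PDF-1.4\n"
        "1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
        "2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
        "3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]\n"
        f"/Annots [\n{annots}] >>\nendobj\n"
        "trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    )
    return body.encode("latin-1")


# Constructed inputs (hypothetical hosts): a link-farm-like carrier vs. a normal citing document.
FARM_URLS = [f"http://farm.example/title-{i}.pdf" for i in range(30)] + [
    "http://other.example/mirror.pdf",
    "http://other.example/mirror2.pdf",
    "http://farm.example/",            # bare homepage link, not a .pdf target
]
CITING_URLS = [
    "https://arxiv.example/paper.pdf",
    "https://journal.example/article.pdf",
    "https://www.w3.org/TR/xmp/",
]

FARM_RESULT = link_farm_score(build_sample_pdf(FARM_URLS))
CITING_RESULT = link_farm_score(build_sample_pdf(CITING_URLS))

if __name__ == "__main__":
    print("link-farm sample:", FARM_RESULT)
    print("citing sample:   ", CITING_RESULT)
```

The namespace URIs listed in the XMP section of this report would not count here even if they were in annotations: they are http URLs, but their paths do not end in .pdf. That is the point of filtering on the target path rather than on "any URL seen", which is also why EMBEDDED_URL alone is labelled informational.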