Malicious PDF — malware analysis report

Static analysis result for SHA-256 3b604b8aa30b08e6…

MALICIOUS

PDF

Size: 43.3 KB
Created: 2018-12-02 20:21:17 +03:00
Authoring application: TopLeaf 7.6.056 (via iText 2.1.7 by 1T3XT)
MD5: f3a3097baaf8fbd3db86b20d61d416f5
SHA-1: 5c1317b65804f92d73f8ce9137d4fe5773c12748
SHA-256: 3b604b8aa30b08e6f0fe603f2e221d93788292f40453d0cfc8d2422cba9693e0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute content from a single domain, likely as a lure or to host further malicious payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.