Malicious PDF — malware analysis report

Static analysis result for SHA-256 54aa10956704c5ce…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2018-12-15 08:52:42 +03:00
Authoring application: AH XSL Formatter V6.1 MR1 for Linux64 : 6.1.6.12100 (via Antenna House PDF Output Library 6.1.420 (Linux64); modified using iText 2.1.7 by 1T3XT)
MD5: 2bad4262849d86adea0f1d9433401c10
SHA-1: 82000092fecea4fc86e12bf42b6ac9955fd3623d
SHA-256: 54aa10956704c5ce6be0165685f77a9a28d827a46590037cafbe3af6700134a8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by an ML classifier and contains a large number of external links, indicating a potential SEO spam or link distribution attack. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a coordinated effort to manipulate search results or distribute content. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.