Malicious PDF — malware analysis report

Static analysis result for SHA-256 54cc15a03657c420…

Verdict: MALICIOUS
File type: PDF
Size: 44.8 KB
Created: 2018-12-15 20:03:52 +03:00
Authoring application: AH XSL Formatter V6.1 MR1 for Linux64 : 6.1.6.12100 (via Antenna House PDF Output Library 6.1.420 (Linux64); modified using iText 2.1.7 by 1T3XT)
MD5: 6d5a5c5bf87a7e9ee218100fa87aab7e
SHA-1: dcefd46975e3abe5ca063b0623915423669fdc79
SHA-256: 54cc15a03657c420213452113499b0346f6005f74f5d032c7c8c67fec8a91e14
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute a large volume of content, potentially malicious, from a single domain.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.