Malicious PDF — malware analysis report

Static analysis result for SHA-256 62ab493e8583ea8c…

MALICIOUS

PDF

Size: 44.9 KB | Created: 2018-12-15 08:11:12 +03:00 | Authoring application: TopLeaf 7.6.056 (via iText 2.1.7 by 1T3XT)
MD5: ccd6c1ea81eea69194a77e8e94a7fc5d
SHA-1: b3d95abfd1c3ea9d7fe65c718ebe0fffc41219cd
SHA-256: 62ab493e8583ea8c49a716a7d5a8dc5d1e543093a7eefa824602d36589476adf
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF carries a large number of link annotations pointing at external .pdf files, almost all on a single host (www.gorillawalker.com); this is the pattern the PDF_SEO_LINK_FARM heuristic fires on. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence (score 0.8439). No scripts were extracted, so the behaviour observed statically is limited to the links themselves: the file acts as a generated carrier that routes anyone who clicks through into further downloads (possibly malicious or unwanted software) or simply inflates search rankings for the target host, rather than as a document with a normal citation pattern. The clickable http://www.gorillawalker.com/ link targets are the actionable IOCs. The remaining extracted URLs (the w3.org RDF, purl.org Dublin Core, ns.adobe.com XMP and aiim.org PDF/A entries) are XMP metadata schema namespace identifiers that appear in any PDF/A-style document; they are not navigable links and should not be blocked or hunted for.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-pre-raphaelite-body-fear-and-desire-in-painting-poetry.pdf
    • http://www.gorillawalker.com/the-big-band-drummer-a-complete-workbook-for-improving-big.pdf
    • http://www.gorillawalker.com/ancient-greek-influence-on-the-united-states-supreme-court-building.pdf
    • http://www.gorillawalker.com/because-of-utopia.pdf
    • http://www.gorillawalker.com/ukulele-solo-album-that-can-be-used-in-concert-2007.pdf
    • http://www.gorillawalker.com/easy-grammar-workbook-56-level-1-easy-grammar-systems.pdf
    • http://www.gorillawalker.com/brought-to-book-a-simon-bognor-mystery-simon-bognor-mysteries.pdf
    • http://www.gorillawalker.com/bunny-yeager-s-pin-up-girls-of-the-1950s.pdf
    • http://www.gorillawalker.com/constitutional-dilemmas-conflicts-of-fundamental-legal-rights-in-europe-and.pdf
    • http://www.gorillawalker.com/t-halbert-s-e-ingulli-s-6th-sixth-edition-law.pdf
    • http://www.gorillawalker.com/complete-guide-to-minecraft-redstone-game-cheats-and-guide-tips.pdf
    • http://www.gorillawalker.com/power-plant-equipment-operation-and-maintenance-guide.pdf
    • http://www.gorillawalker.com/the-mental-health-of-refugees-ecological-approaches-to-healing-and.pdf
    • http://www.gorillawalker.com/the-distribution-of-income-in-california.pdf
    • http://www.gorillawalker.com/275-acting-games-connected-a-comprehensive-workbook-of-theatre-games.pdf
    • http://www.gorillawalker.com/cases-and-materials-on-admiralty-supplement-statutes-conventions-and-forms.pdf
    • http://www.gorillawalker.com/introduction-to-optimal-control-theory-undergraduate-texts-in-mathematics.pdf
    • http://www.gorillawalker.com/the-end-of-commitment-intellectuals-revolutionaries-and-political-morality-in.pdf
    • http://www.gorillawalker.com/loyalty-demands-dissent.pdf
    • http://www.gorillawalker.com/all-the-russias-travels-and-studies-in-contemporary-european-russia.pdf
    • http://www.gorillawalker.com/david-smith-the-forgings.pdf
    • http://www.gorillawalker.com/the-sequel-of-appomattox-a-chronicle-of-the-reunion-of.pdf
    • http://www.gorillawalker.com/logistics-engineering-management-6th-edition-by-blanchard-benjamin-s-prentice.pdf
    • http://www.gorillawalker.com/unit-operations-handbook.pdf
    • http://www.gorillawalker.com/fine-prints-of-the-year-an-annual-review-of-contemporary.pdf
    • http://www.gorillawalker.com/mccall-s-cooking-school-recipe-card-chicken-poultry-18-chicken.pdf
    • http://www.gorillawalker.com/girl-s-guide-to-money-christian-girl-s-guide-to.pdf
    • http://www.gorillawalker.com/decision-for-disaster-betrayal-at-the-bay-of-pigs.pdf
    • http://www.gorillawalker.com/telecoms-and-data-cable-in-japan-download-pdf-digital.pdf
    • http://www.gorillawalker.com/placer-mining-for-gold-in-california.pdf
    • http://www.gorillawalker.com/homedesigns-for-energy-efficient-living.pdf
    • http://www.gorillawalker.com/frommer-s-florida-with-your-family-from-theme-park-fun.pdf
    • http://www.gorillawalker.com/barron-s-toefl-ibt-superpack-by-pamela-sharpe-published-by.pdf
    • http://www.gorillawalker.com/pspice-for-basic-circuit-analysis-with-cd.pdf
    • http://www.gorillawalker.com/cyber-scare-deadtime-stories.pdf
    • http://www.gorillawalker.com/langston-hughes-life-makes-poems-african-american-biography-library.pdf
    • http://www.gorillawalker.com/alfred-s-background-accompaniment-midi-disc-level-1a-alfred-s.pdf
    • http://www.gorillawalker.com/the-erotic-lords-boxed-set-books-1-to-3.pdf
    • http://www.gorillawalker.com/heterogeneous-networks-operation-deployment-and-management-ieee-press-series-on.pdf
    • http://www.gorillawalker.com/walt-disney-uncle-scrooge-and-donald-duck-2-volume-set.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
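The two findings above (the PDF_SEO_LINK_FARM heuristic and the "which channel reached each URL" split behind EMBEDDED_URL) are easy to reproduce on a raw PDF. The following is an added example, not the analysis engine's own code: it pulls URI link-annotation targets and XMP namespace declarations out of the file bytes with regular expressions, groups the .pdf link targets by host, and applies the size / link-count / host-concentration thresholds. The thresholds (256 KiB, 20 links, 75 % on one host) are assumptions, since the report does not publish its own; the sample PDF is constructed in code and does not reproduce the real file. Only the literal-string `/URI (...)` form is handled; links inside compressed object streams would need a real PDF parser.

```python
"""Toy re-implementation of a PDF link-farm heuristic plus per-channel URL split.
Added example; thresholds and the sample PDF are assumptions, not report data.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Link-annotation URI actions look like:  /A << /S /URI /URI (http://...) >>
# Only the literal-string form is matched (no hex strings, no object streams).
_URI_ACTION = re.compile(rb"/S\s*/URI\s*/URI\s*\(((?:[^()\\]|\\.)*)\)")
# XMP schema namespaces declared in the metadata packet, e.g.
#   xmlns:dc="http://purl.org/dc/elements/1.1/"
_XMLNS = re.compile(rb'xmlns:[A-Za-z0-9_-]+="([^"]+)"')

# Heuristic thresholds (assumed values, chosen to match "small", "many", "mostly").
MAX_SIZE = 256 * 1024      # a "small" PDF
MIN_PDF_LINKS = 20         # "many" clickable external .pdf links
MIN_HOST_SHARE = 0.75      # "mostly clustered on one host"


def _unescape(s: bytes) -> str:
    # Undo PDF literal-string escapes such as \( \) \\ before decoding.
    return re.sub(rb"\\(.)", rb"\1", s).decode("latin-1")


def extract_urls(pdf: bytes) -> dict:
    """Return URLs keyed by the channel that carried them."""
    link_uris = [_unescape(m) for m in _URI_ACTION.findall(pdf)]
    xmp_ns = [m.decode("latin-1") for m in _XMLNS.findall(pdf)]
    return {"link_annotation": link_uris, "xmp_namespace": sorted(set(xmp_ns))}


def link_farm_heuristic(pdf: bytes) -> dict:
    """Apply the size / count / host-concentration test to clickable .pdf links."""
    channels = extract_urls(pdf)
    pdf_links = [u for u in channels["link_annotation"]
                 if urlsplit(u).scheme in ("http", "https")
                 and urlsplit(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlsplit(u).hostname for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(pdf_links) if pdf_links else 0.0
    fired = (len(pdf) <= MAX_SIZE
             and len(pdf_links) >= MIN_PDF_LINKS
             and share >= MIN_HOST_SHARE)
    return {
        "size": len(pdf),
        "pdf_link_count": len(pdf_links),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "iocs": sorted(set(pdf_links)),               # link targets: actionable
        "metadata_only": channels["xmp_namespace"],  # schema URIs: not IOCs
        "PDF_SEO_LINK_FARM": fired,
    }


def build_sample_pdf(n_links: int = 40) -> bytes:
    """Constructed sample (not a real-world file): a minimal one-page PDF with
    n_links URI link annotations to one host, two to a second host, and an XMP
    packet declaring the usual RDF / Dublin Core / Adobe namespaces."""
    annots = [f"<< /Type /Annot /Subtype /Link /Rect [0 {i} 100 {i + 10}] "
              f"/A << /S /URI /URI (http://farm.example/book-{i}.pdf) >> >>"
              for i in range(n_links)]
    for name in ("a", "b"):
        annots.append("<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                      f"/A << /S /URI /URI (http://other.example/{name}.pdf) >> >>")
    xmp = ('<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           'xmlns:dc="http://purl.org/dc/elements/1.1/" '
           'xmlns:pdf="http://ns.adobe.com/pdf/1.3/"></rdf:RDF></x:xmpmeta>')
    body = "\n".join([
        "%PDF-1.4",
        "1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 5 0 R >> endobj",
        "2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        "3 0 obj << /Type /Page /Parent 2 0 R /Annots [" + " ".join(annots) + "] >> endobj",
        f"5 0 obj << /Type /Metadata /Subtype /XML /Length {len(xmp)} >> stream",
        xmp,
        "endstream endobj",
        "trailer << /Root 1 0 R >>",
        "%%EOF",
    ])
    return body.encode("latin-1")


if __name__ == "__main__":
    report = link_farm_heuristic(build_sample_pdf())
    print({k: v for k, v in report.items() if k != "iocs"})
    print("first IOCs:", report["iocs"][:3])
```

Running it on the constructed sample fires the heuristic (42 .pdf links, about 95 % on farm.example) while the three namespace URIs land in `metadata_only`; lowering `n_links` to 5 drops below the count threshold and the verdict flips, which is the sanity check to run before tuning the thresholds against a real corpus.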