Malicious PDF — malware analysis report

Static analysis result for SHA-256 6bba4d230b0bb03b…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-12-07 18:29:52 +03:00
Authoring application: TopLeaf 7.6.056 (via iText 2.1.7 by 1T3XT)
MD5: 41cabe88a3ff65b0739a5f38bb2aa31f
SHA-1: 6c5d71b753ccb64733d5bfd2c564cc61c1066ca2
SHA-256: 6bba4d230b0bb03b474f12f2377b6cec202a88dc2ce78d5c4c22b58257ae4087
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with a high probability of being malicious. The embedded URLs suggest an attempt to direct users to a large collection of documents, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.