Malicious PDF — malware analysis report

Static analysis result for SHA-256 84543cfc84240a29…

MALICIOUS

PDF

Size: 44.2 KB
Created: 2019-03-17 12:11:44 +03:00
Authoring application: BookVirtual Digital Works (via BookVirtual Corp. Patents Pending.)
MD5: e43332c0592a70bff97d89b497fa3d73
SHA-1: 77498b3d175e6c2a048acbf95bfc5b8e27314052
SHA-256: 84543cfc84240a2913b582f98168d92dbe78c467ee720828589d21ce7f9f470a
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. While no scripts were explicitly extracted, the embedded URLs suggest a potential for distributing further malicious content or engaging in SEO manipulation. The document body is heavily obfuscated and unreadable, but the presence of numerous links points to a link-farming or content distribution attack pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.