Malicious PDF — malware analysis report

Static analysis result for SHA-256 a3b2257c88834ee8…

Verdict: MALICIOUS
File type: PDF
Size: 44.1 KB
Created: 2019-04-04 15:11:36 +03:00
Authoring application: TopLeaf 7.6.056 (via iText 2.1.7 by 1T3XT)
MD5: 27a5932509680f24f93b8ba9df6c55e3
SHA-1: 7c7fe149409e626855951ed6feb3d7d1ca827004
SHA-256: a3b2257c88834ee855a6b46ca147658b991dfc8b2b1b263ee445be3e91259822
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be the creation of a link farm, likely to manipulate search engine results or to serve as a distribution point for other malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9016

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.