Malicious PDF — malware analysis report

Static analysis result for SHA-256 d97918a634a641fc…

MALICIOUS

PDF

Size: 40.1 KB
Created: 2019-03-17 12:30:51 +03:00
Authoring application: TopLeaf 7.6.056 (via iText 2.1.7 by 1T3XT)
MD5: da552afc34b3e328d6829a644135fa4b
SHA-1: b79f50bf55077c1361a6571338ca8ebc9aee9d76
SHA-256: d97918a634a641fc70ed594eb9edab3be6d0bc524c9d85d4cdd4fdcca3f3757e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO poisoning or link farm attack. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a coordinated effort to distribute content or lure users to a specific site. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.