Malicious PDF — malware analysis report

Static analysis result for SHA-256 fc78d1beaf608561…

MALICIOUS

PDF

Size: 45.0 KB
Created: 2018-12-03 17:08:31 +03:00
Authoring application: TopLeaf 7.6.056 (via iText 2.1.7 by 1T3XT)
MD5: 3b1e2f8b5f57f360693918d722bcd746
SHA-1: e4a3a04681f008755b63fac08b1af2f3333a228f
SHA-256: fc78d1beaf60856185ac577065798e83d1456cb53bd9d243ca275f28f2948801
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute additional malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.