Malicious PDF — malware analysis report

Static analysis result for SHA-256 01b3d9e88d1ca754…

MALICIOUS

PDF

Size: 45.4 KB
Created: 2018-11-30 20:34:04 +03:00
Authoring application: dvips(k) 5.95a Copyright 2005 Radical Eye Software (via GPL Ghostscript 8.61)
MD5: 21d052c2818cd4933bea132fa30d6252
SHA-1: 3ecac6947d91b2e2ded1216e03d0c6131a6fcc55
SHA-256: 01b3d9e88d1ca754481925f0b9c6a7cbb320be1d1fed45b388e99866b6faa937
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or content distribution tactic. The ML classifier and ClamAV detection further support its malicious nature, classifying it as Pdf.Dropper.Agent-7147054-0.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 3

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7147054-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7147054-0
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.