Malicious PDF — malware analysis report

Static analysis result for SHA-256 01d2d294bf9199f0…

Verdict: MALICIOUS
File type: PDF
Size: 39.9 KB
Created: 2018-11-26 20:03:34 +03:00
Authoring application: Adobe Acrobat 8.0 (via Adobe Acrobat 8.0 Image Conversion Plug-in)
MD5: 863e42a279bf4fad71fed8f5e8d5757d
SHA-1: 4af54561ef38003937b5babee41a487e5b988160
SHA-256: 01d2d294bf9199f02a024b6b2de202e77f21d5296e648086117cbb9791f0480f
Risk score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This small (39.9 KB) PDF carries 40 clickable links, every one of them pointing to a .pdf path on a single host (www.gorillawalker.com). That pattern does not match a normal document's citation or reference links; it matches machine-generated SEO / link-farm PDFs that exist to route a reader into a further download chain, which may deliver unwanted software or malware. ClamAV detects the file as Pdf.Dropper.Agent-7222338-0, and the ML classifier also flags it as malicious. The likely delivery vector is a spearphishing attachment (T1566.001), with the document acting as a lure whose payload is fetched from the external resources rather than embedded in the file. The nine remaining URIs extracted from the file are standard XMP/RDF schema namespace identifiers from the document metadata, not links, and carry no weight in the verdict.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    A small PDF contains many clickable external links to .pdf paths, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7222338-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7222338-0
  • Embedded URL info [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the channel that carries each URL (macro, JavaScript, link annotation, document body, metadata, ...) is what matters, because a namespace URI in metadata is noise while a link annotation is something the reader can click.
    Clickable link URLs (40, all on www.gorillawalker.com):
    • http://www.gorillawalker.com/frequently-asked-questions-about-diabetes-faq-teen-life.pdf
    • http://www.gorillawalker.com/a-thief-in-the-house-of-memory.pdf
    • http://www.gorillawalker.com/the-male-dancer-bodies-spectacle-and-sexuality.pdf
    • http://www.gorillawalker.com/the-cruise-of-the-alabama-and-the-sumter.pdf
    • http://www.gorillawalker.com/climbing-the-financial-mountain.pdf
    • http://www.gorillawalker.com/fluir-en-el-deporte-claves-para-las-experiencias-y-actuaciones.pdf
    • http://www.gorillawalker.com/mill-the-history-and-future-of-naturally-powered-buildings.pdf
    • http://www.gorillawalker.com/modular-series-on-solid-state-devices-volume-iii-the-bipolar.pdf
    • http://www.gorillawalker.com/combat-faith-unshakable-faith-for-every-day.pdf
    • http://www.gorillawalker.com/taxation-in-asean-and-china-local-institutions-regionalism-global-systems.pdf
    • http://www.gorillawalker.com/administracion-high-school-spanish-edition.pdf
    • http://www.gorillawalker.com/federalizing-the-muse-united-states-arts-policy-and-the-national.pdf
    • http://www.gorillawalker.com/encyclopedia-of-xanth-a-crossroads-adventure-in-the-world-of.pdf
    • http://www.gorillawalker.com/uxl-american-decades-1940-49.pdf
    • http://www.gorillawalker.com/ancient-egyptian-glass-and-glazes-in-the-brooklyn-museum.pdf
    • http://www.gorillawalker.com/150-years-of-quantum-many-body-theory.pdf
    • http://www.gorillawalker.com/the-romans-in-britain-heritage.pdf
    • http://www.gorillawalker.com/wax-trash-and-vinyl-treasures-record-collecting-as-a-social.pdf
    • http://www.gorillawalker.com/the-principal-the-pleasure-club.pdf
    • http://www.gorillawalker.com/the-global-model-of-constitutional-rights.pdf
    • http://www.gorillawalker.com/statelessness-with-special-reference-to-the-united-states-a-study.pdf
    • http://www.gorillawalker.com/the-watchmen-s-cry.pdf
    • http://www.gorillawalker.com/la-donna-e-mobile-9-italian-opera-arias-arranged-for.pdf
    • http://www.gorillawalker.com/christianity-world-religions-wrestling-with-questions-people-ask-leader-s.pdf
    • http://www.gorillawalker.com/predator-nation-corporate-criminals-political-corruption-and-the-hijacking-of.pdf
    • http://www.gorillawalker.com/touching-the-mekong.pdf
    • http://www.gorillawalker.com/reproductive-system-sparkcharts.pdf
    • http://www.gorillawalker.com/1863-the-crucial-year-american-albums-from-the-collections-of.pdf
    • http://www.gorillawalker.com/a-companion-to-john-of-ruusbroec-brill-s-companions-to.pdf
    • http://www.gorillawalker.com/death-penalty.pdf
    • http://www.gorillawalker.com/solos-en-la-noche-zamudio-y-sus-asesinos-spanish-edition.pdf
    • http://www.gorillawalker.com/the-little-witch.pdf
    • http://www.gorillawalker.com/ghost-sonata-and-when-we-dead-awaken-a-dramatic-epilogue.pdf
    • http://www.gorillawalker.com/king-air-c90a-b-the-training-workbook.pdf
    • http://www.gorillawalker.com/the-book-of-knowledge-the-children-s-encyclopedia-volume-xv.pdf
    • http://www.gorillawalker.com/muscles-injury-illness-and-health-body-focus.pdf
    • http://www.gorillawalker.com/putinism-russia-and-its-future-with-the-west.pdf
    • http://www.gorillawalker.com/punk-the-whole-story.pdf
    • http://www.gorillawalker.com/bangladeshi-cuisine.pdf
    • http://www.gorillawalker.com/holt-mcdougal-custom-solutions-integrated-math-i-west-virginia-problem.pdf
    XMP/RDF namespace identifiers (9). These are schema namespace URIs (RDF, Dublin Core, Adobe XMP, PDF/A extension schemas) declared in the document's metadata; they are not clickable links and are expected in any Acrobat-produced PDF:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
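The distinction the EMBEDDED_URL heuristic draws, and the PDF_SEO_LINK_FARM rule that builds on it, can be reproduced with a short triage script. The following is an added example, not the scanner's own code: it labels each extracted URL by channel (/URI link action versus xmlns declaration inside the XMP packet), then applies a link-farm test that counts only clickable links. The regexes assume an uncompressed, unobfuscated PDF; the thresholds, the host names and the sample PDF it builds are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Patterns for an uncompressed, non-obfuscated PDF (assumption). Real samples
# may hide annotations in compressed object streams, hex strings or indirect
# /A objects; decompress first (e.g. qpdf --qdf --object-streams=disable) or
# use a full parser before trusting a negative result.
LINK_URI_RE = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")
XMP_RE = re.compile(rb"<x:xmpmeta.*?</x:xmpmeta>", re.S)
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_]+="([^"]+)"')


def extract_urls(pdf: bytes) -> list[tuple[str, str]]:
    """Return (channel, url) pairs: 'link_annotation' for /URI actions,
    'xmp_namespace' for xmlns declarations inside the XMP metadata packet."""
    found = []
    for m in LINK_URI_RE.finditer(pdf):
        found.append(("link_annotation", m.group(1).decode("latin-1")))
    for packet in XMP_RE.finditer(pdf):
        for m in XMLNS_RE.finditer(packet.group(0)):
            found.append(("xmp_namespace", m.group(1).decode("latin-1")))
    return found


def link_farm_verdict(pdf: bytes, max_size=200_000, min_links=10,
                      pdf_share=0.8, host_share=0.8) -> dict:
    """PDF_SEO_LINK_FARM-style check: small file, many clickable links,
    mostly .pdf paths, mostly on one host. Namespace URIs are ignored.
    Thresholds are illustrative assumptions, not the scanner's values."""
    links = [u for ch, u in extract_urls(pdf) if ch == "link_annotation"]
    n = len(links)
    hosts = Counter(urlparse(u).hostname or "" for u in links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    pdf_links = sum(1 for u in links if urlparse(u).path.lower().endswith(".pdf"))
    v = {
        "size": len(pdf),
        "links": n,
        "top_host": top_host,
        "top_host_share": top_n / n if n else 0.0,
        "pdf_link_share": pdf_links / n if n else 0.0,
    }
    v["link_farm"] = (len(pdf) <= max_size and n >= min_links
                      and v["top_host_share"] >= host_share
                      and v["pdf_link_share"] >= pdf_share)
    return v


def build_sample_pdf(n_links: int, host: str = "www.example-linkfarm.test") -> bytes:
    """Constructed test input (not a real sample): one page with n_links
    /URI annotations to .pdf paths on one host, one off-host HTML link, and
    an XMP packet declaring the usual RDF/DC/XMP namespaces."""
    annots = [
        f"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
        f"/A << /S /URI /URI (http://{host}/book-title-{i}.pdf) >> >>"
        for i in range(n_links)
    ]
    annots.append("<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                  "/A << /S /URI /URI (http://other.example.test/contact.html) >> >>")
    xmp = ('<x:xmpmeta xmlns:x="adobe:ns:meta/">'
           '<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
           '<rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/" '
           'xmlns:xmp="http://ns.adobe.com/xap/1.0/"/>'
           '</rdf:RDF></x:xmpmeta>')
    body = (
        "%PDF-1.4\n"
        "1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj\n"
        "2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        f"3 0 obj << /Type /Page /Parent 2 0 R /Annots [{' '.join(annots)}] >> endobj\n"
        f"4 0 obj << /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\n"
        f"stream\n{xmp}\nendstream\nendobj\n"
        "trailer << /Root 1 0 R >>\n%%EOF\n"
    )
    return body.encode("latin-1")


if __name__ == "__main__":
    # Channel labels for a small file, then the verdict for a 40-link carrier.
    for ch, url in extract_urls(build_sample_pdf(3)):
        print(f"{ch:16} {url}")
    print(link_farm_verdict(build_sample_pdf(39)))
```

The point of keeping the two channels apart is visible in the output: the four xmlns values are reported but never reach `link_farm_verdict`, so a clean Acrobat document with the same metadata block and a handful of genuine citation links stays below the threshold, while the 40-link carrier trips it on every axis at once (size, link count, .pdf share, single-host share).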